processors

Google-DataCenter

Heartbleed: Technology Monoculture’s Second Act

Say ‘technology monoculture’ and most people (who don’t look at you cross-eyed or say ‘God bless you!’) will say “Microsoft” or “Windows” or “Microsoft Windows.” That makes sense. Windows still runs on more than 90% of all desktop systems, long after Redmond’s star is rumored to have dimmed next to that of Apple. Microsoft is the poster child for the dangers and benefits of a monoculture. Hardware makers and application developers have a single platform to write to – consumers have confidence that the software and hardware they buy will “just work” so long as they’re running some version of Windows. The downside, of course, is that the Windows monoculture has also been a boon to bad guys, who can tailor exploits to one operating system or associated application (Office, Internet Explorer) and be confident that 9 of 10 systems their malicious software encounters will at least be running some version of the […]

Linux IoT Worm Still Alive And Mining Virtual Coins

A few months ago we wrote about a new Internet worm notable because it spread between devices running the Linux operating systems, and because it had the ability to infect a range of non-PC devices including set top boxes. Symantec was quick to suggest that the worm, Linux.Darlloz, was the first “Internet of Things” malware. Now, three months later, Symantec is updating the story: noting that Darlloz is still out there, and seems to have  been put to use mining for virtual currencies. Writing on Symantec’s blog on Thursday, analyst Karou Hayashi said that researchers there discovered a new variant of Darlloz in January that included code changes and improvements from the version discovered at the end of 2013. Darlloz is versatile: it can run on devices using a variety of architectures, including the common Intel x86, but also hardware running the ARM, MIPS and PowerPC architectures. Those are more common […]

At FTC Forum, Experts Wonder: Is Privacy Passé?

The U.S. Federal Trade Commission (FTC) used a one-day workshop to highlight security and privacy issues prompted by so-called “Internet of Things.” But attendees at the event may have walked away with a more ambiguous message, as prominent technologists and industry representatives questioned whether conventional notions of privacy had much relevance in a world populated by billions of Internet-connected devices. “I don’t feel like privacy is dead,” keynote speaker Vint Cerf, a Vice President and Chief Internet Evangelist at Google, told an audience at the FTC workshop. “I do feel like privacy will be increasingly difficult for us to achieve,” Cerf warned. And Cerf wasn’t alone in wondering whether that might not be such a bad thing – or even that unusual. “Is privacy an anomaly?” Cerf wondered aloud, recalling his experience living in a small, German town where the “postmaster knew what everyone was doing.” Our modern concept of being ‘alone […]

Welcoming A New Sponsor: Mocana

You’ll notice some new artwork gracing The Security Ledger this week, and that’s because we’ve welcomed a new sponsor to the family: Mocana. I’d like to officially welcome them to the Security Ledger family.   This is a big win for Security Ledger.  Mocana will join Veracode, The Trusted Computing Group and Gemalto in underwriting The Security Ledger’s coverage of IT security news and the intersection of security with The Internet of Things (IoT). But we also win the support of a company that is all about IoT.   If you haven’t already checked out Mocana, I’d urge you to do so. Launched in 2004, the company’s expertise is in securing non-traditional endpoints. Mocana’s Device Security Framework, a suite of device-resident security software that is embedded into devices during the manufacturing process. DSF is a platform that supports a wide range of security functions, both through Mocana-created security modules and support of other […]

Sensinode Homepage

That ARM-Sensinode Buy: What Does It Mean For Security And IoT?

We wrote last week about the decision of chip-maker ARM to buy the small(ish) Finnish software maker Sensinode Oy, which has become a big player in the market for software that runs low power devices like embedded sensors. The deal makes sense at the 100,000 foot level – ARM makes chips that power embedded devices, Sensinode makes the software that is powered by them. Perfect. But the deal actually works at a bunch of different levels, as I learned from a conversation with Michael Koster, the co-founder and lead architect at the group The Open Source Internet of Things (OSIOT). Koster is an authority on The Internet of Things and has helped create open-source toolkits and APIs that promote interaction among intelligent devices. Koster said that ARM’s purchase of Sensinode is as much about both firms’ investment in emerging IoT standards for low-powered, intelligent devices like Constrained Application Protocol (CoAP) […]