privacy

SANS’ Pescatore: Security Needs Rethink For Internet Of Things

Our friends over at InfoSecurity Magazine have an interesting interview with SANS’ Director of Emerging Security Trends John Pescatore about security and The Internet of Things. Pescatore gets a somewhat skeptical hearing from the enterprise-focused IT security publication. (“Granted, it’s unlikely that anyone would be sending a car an email with a malicious executable, but that doesn’t mean there aren’t threat vectors for hackers to exploit,” InfoSecurity opines, by way of an introduction. Oh really?) But Pescatore brings a “deep field” view to this topic, noting that the security issues around IoT are already upon us in the spent almost two decades as Gartner’s Obi-Wan Kenobi for security, where he advised companies and technology vendors on the best way to navigate the shifting sands of the IT security space. Speaking to InfoSecurity, Pescatore says the 100,000 foot message is: ‘let’s learn from our mistakes.’ Specifically, that means not looking at intelligent devices, including […]

Privacy: From Right To Fight

As more and more of our public and private spaces are equipped with remote sensing and surveillance technology, personal privacy – at least as it has been understood for the last two or three centuries – is endangered. The solution, of course, is through improved privacy legislation and, perhaps, a more expansive reading of the U.S. Constitution’s 4th Amendment protecting against search and seizure. But, with policymakers in Washington D.C. stuck in a rut, and many EU nations as hooked on surveillance as the U.S., the onus falls to individuals to do what they can. That’s the subject of my latest column for ITWorld, where I talk about what is likely to be the next stage in our society’s rapid evolution on matters of privacy and security, what I’ve termed “The Jamming Wars.” Like other social movements, this will be fueled by a growing rift between the law and a […]

BadNews Android Applications

New Mobile Malware Taps Ad Networks To Spread

It was only a couple weeks back that we wrote about new research from the folks at WhiteHat Security that posited a way for mobile ad networks to be gamed and used to distribute malicious code. Now it looks as if the bad guys were one step ahead, as researchers at Palo Alto Networks reveal new type of malicious Android malware that uses mobile ad networks to infect vulnerable devices. Palo Alto described the new, malicious mobile software, dubbed “Dplug,” in a blog post on Monday. The company said the malware authors appear to be leveraging second tier mobile ad networks, mostly in Russia and the former Soviet Republics), to distribute their wares. The Dplug malware takes advantage of the deep integration between mobile applications and mobile advertising networks to gain a foothold on infected devices, then send out messages to premium SMS services to generate money for the fraudsters, according […]

NEST Thermostat-BlackHat-scaled

Security Of “Things” Increasingly The Stuff Of Headlines

It looks as if the mainstream media is waking to the security implications of the “Internet of Things,” in the wake of recent demonstrations at the Black Hat and DEFCON conferences that highlight vulnerabilities in everything from home automation systems to automobiles to toilets. Stories in The New York Times and other major news outlets in the last week have highlighted concerns about “the cyber crime of things” as Christopher Mims, writing in The Atlantic, called it. Insecure, Internet connected devices ranging from surveillance cameras to home heating and cooling systems could leave consumers vulnerable to remote attacks and spying. The stories come after hacks to non-traditional computing platforms stole most of the headlines from this year’s Black Hat and DEFCON shows in Las Vegas. A compromise of a Toyota Prius hybrid by researchers Charlie Miller of Twitter and Chris Valasek of IOActive was featured prominently in stories by Forbes and […]

Anonymous Email Services Shutter In Wake Of Snowden

Podcast: Play in new window | Download ()Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeFaced with the prospect of being forced to turn over metadata from their customers’ private correspondence to secret courts in the U.S. or other countries, two prominent secure e-mail services decided this week to cease operation. The secure email service Lavabit – lately the choice of NSA leaker Edward Snowden – announced that it was ceasing operations on Thursday after ten years of operation. The announcement was followed, on Friday, by a similar one from the security firm Silent Circle, which operated Silent Mail. Both companies cited the difficulty of securing e-mail communications and the prospect of secret government subpoenas to obtain information on the activities of their customers as the reason for deciding to stop offering secure email services. In a message posted on the […]