Internet of Things

Dan Geer’s Other Keynote: Embedded Devices Need A Time To Die

With the Black Hat Conference well under way and DEFCON starting later this week, the security world’s attention will turn to Las Vegas, where some of the cyber security industry’s top researchers and thinkers will be holding court. One of the most anticipated talks is the Black Hat Briefings opening keynote. This year, the honor goes to none other than Dr. Dan Geer, the CISO of In-Q-Tel, the investment arm of the U.S. intelligence sector. Geer’s talk  on Wednesday, August 6, 2014 is entitled “Cybersecurity as Realpolitik.” In anticipation of Dr. Geer’s Black Hat, we’re releasing another recent talk he gave: this one a keynote speech at our May, 2014 Security of Things Forum in Cambridge, MA. In this talk, Dan focused on the security of embedded devices and the fast-emerging Internet of Things. (A full transcript of the talk is available here.) “The embedded systems space, already bigger than what is normally thought of as […]

Continue Reading

PasswordsCon Preview: Passwords Are Dead. Long Live Passwords.

I had an opportunity to sit with Per Thorsheim, co-founder of PasswordsCon about next week’s Passwords14 Conference in Las Vegas, Nevada. If you haven’t checked it out before, PasswordsCon is the world’s premiere technical conference that is just focused on the security of passwords and pin codes. PasswordsCon is a one-of-a-kind event: bringing together folks whose specialty is cracking and defeating password security with security experts whose interest is in shoring up protections for sensitive data. This year’s conference, which is sharing space with the B-Sides Las Vegas Conference on August 5 and 6. PasswordsCon has earned a reputation for being the launching pad for some eye-popping new tools for password cracking. Back in 2012, we reported on a 25 GPU device that radically lowered the bar to cracking even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete. Among other things, the Conference will feature […]

Continue Reading

Report: CIA Fears the Internet of Things | Nextgov.com

A story by Patrick Tucker over at Nextgov.com picks up on some comments from Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology regarding the agency’s thinking about the Internet of Things. Meyerriecks was speaking at The Aspen Institute’s Security Forum on Thursday of last week in a panel on “The Future of Warfare.” Speaking about the topic of cyber warfare, she said that current debates about the shape of cyber war don’t address the “looming geo-security threats posed by the Internet of Things.” Meyerriecks cited the now-debunked Proofpoint report about smart refrigerators being used in spam and distributed denial of service attacks.” She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.” Those might be some sensational (and dubious) examples, but Meyerriecks main point was more pedestrian: that we’re on the cusp of disruptive […]

Continue Reading

Micro Survey of Smart Home Devices Finds Much To Fault

Larry Dignan over at ZDNet is writing about a new survey by HP’s Fortify application security division that finds 70 percent of Internet of things devices have exploitable software vulnerabilities. Some caveats: HP makes its conclusions based on scans of “10 of the most popular Internet of things devices.” That’s a very small sample size that could (greatly) skew the results one way or the other. So take this with a grain of salt. You can download the full survey here. (PDF) [Read Security Ledger coverage of Internet of Things here.] According to Dignan, HP found 25 vulnerabilities per device. Audited devices included TVs, Webcams, thermostats, remote power outlets, sprinklers, door  locks, home alarms, scales and garage openers. One of each, from the sound of it. The findings, assessed based on the OWASP Internet of Things Top 10 list and vulnerability categories, account for the devices as well as cloud and […]

Continue Reading

Hacker Summer Camp: Security Cons Blossom In The Desert

The mercury is expected to top 104 degrees Fahrenheit (40 C) in Las Vegas next week. And that could mean only one thing: it’s conference time for some of the world’s top computer hackers.   Indeed, next week brings the 22nd installment of the DEFCON hacker conference in Las Vegas, and the 18th of Black Hat, DEFCON’s younger, more straight-lace sibling. But, while Black Hat and DEFCON are still the main attraction on the Las Vegas strip, they’re hardly the only shows in town. B-Sides Las Vegas, an alternative mini-con, is in its fifth year and is attracting many of the “cool kids” in the security community to do presentations and demos on Tuesday and Wednesday, August 5 and 6th over at the Tuscan Suites and Casino. Running alongside B-Sides is Passwords 14, a conference that started in Norway and is in its second year on U.S. soil. As its name would […]

Continue Reading
1 94 95 96 97 98 126