Interview Archives

Interview

Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix?

May 30, 2014 Paul Roberts

Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted, we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]

Pew: IoT Will Take Off By 2025, Despite Security Woes

May 15, 2014 Paul Roberts

A survey of technology experts by the Pew Research Center and Elon University predicts that the Internet of Things will take off in the next decade despite serious concerns about the security of IoT devices and the data they hold. The IoT will gain wide adoption in the next decade, with the result that many aspects of day-to-day life will be transformed by a combination of inexpensive sensors, cloud based computing and data analytics. The report cites a number of likely innovations that will become commonplace by 2025 – from “smart” food products that can report when they are exhausted or spoiled, to smart roads and infrastructure to “subcutaneous sensors or chips that provide patients’ real-time vital signs to self-trackers and medical providers.” The Pew Center canvassed more than 1600 technology leaders and analysts about the Internet of Things and published the findings of the survey on Wednesday. The survey population included […]

Cisco: Internet of Things Tips Scales In Favor Of Bad Guys?

April 27, 2014 Paul Roberts

A week from this Wednesday, the Security Ledger is hosting The Security of Things Forum: a day-long event in Cambridge, Massachusetts, that will explore the challenges of securing a global network of hundreds of billions of Internet connected devices. [Register here for The Security of Things Forum – Security and Internet of Things: May 7, Cambridge, MA] One of the big issues that we’ll be tackling is how the Internet of Things (or IoT) changes the security paradigm for enterprises and other large, IT-dependent organizations. Needless to say: the corporate network environment of 2020 won’t bear much resemblance to the network of 2000. But what kinds of tools and technologies will be needed to secure that environment and identify threats to the data stored on it? What security tools and strategies will go the way of the typewriter? What areas will require more investment? So far, the focus of discussions about IoT […]

IDS And The IoT: Snort Creator Marty Roesch On Securing The Internet of Things

April 13, 2014 Paul Roberts

Martin Roesch is one of the giants of the security industry: a hacker in the truest sense of the term who, in the late 1990s created a wide range of security tools as a way to teach himself about information security. One of them, the open source SNORT intrusion detection system, turned into one of the mostly widely used and respected security tools in the world. SNORT became the foundation for Sourcefire, the company Marty helped found in 2001. And Sourcefire went on to fantastic success: first as a startup, then as a publicly traded company and, as of October of last year, as part of Cisco Systems, after the networking giant bought Roesch’s company for $2.7 billion. These days, Marty serves as a Vice President and Chief Architect of Cisco’s Security Business Group, where he’s helping shape that company’s strategy for securing the next generation of enterprise (and post-enterprise) networks. […]

Perverse Security Incentives Abound In Mobile App Space

March 24, 2014 Paul Roberts

Security problems abound in the mobile device space – and many of them have been well documented here and elsewhere. While mobile operating systems like Android and iOS are generally more secure than their desktop predecessors, mobile applications have become a major source of woe for mobile device owners and platform vendors. To date, many of the mobile malware outbreaks have come by way of loosely monitored mobile application stores (mostly in Eastern Europe and Russia). More recently, malicious mobile ad networks have also become a way to pull powerful mobile devices into botnets and other malicious online schemes. But my guests on the latest Security Ledger podcast point out that mobile application threats are poised to affect much more than just mobile phone owners. Jon Oberheide, the CTO of DUO Security and Zach Lanier, a researcher at DUO, note that mobile OS platforms like Android are making the leap […]