news

Cyber Resilience? Sony Employees Back To Faxes and Face to Face

There’s a fascinating article on TechCrunch that cites a current (anonymous) Sony Pictures Entertainment employee talking about life at the company in the wake of a crippling November 24th cyber attack that wiped out thousands of computer systems and stole terabytes of data from the company. According to the story, Sony employees have resorted to using circa 1990s fax machines to transmit documents and – horror – having face to face communications in lieu of texting, e-mail or social networking, all of which are disabled within Sony’s environment. [Read more Security Ledger coverage of the Sony Pictures hack here.] “We had barely working email and no voicemail so people talked to each other,” the source tells TechCrunch. “Some people had to send faxes. They were dragging old printers out of storage to cut checks…It was crazy.” “That is what a major corporate security breach sounds like,” TechCrunch writes. “The squeal […]

Continue Reading

Research Warns of Cyber-Physical Attacks Against Vessel Tracking System

Researchers at Trend Micro report that an analysis of a vessel tracking system that is mandated on most large sea vessels has found that it is vulnerable to a range of possible software- and radio-based attacks. The vulnerabilities could be exploited in ‘cyber-physical’ attacks against the Automated Identification System (AIS) that directed ships off course or confused officials by mis-reporting the actual location of vessels, the researchers found. Trend Micro researchers Marco Balduzzi and Kyle Wilhoit presented their research at the Annual Computer Security Applications Conference (ACSAC) in New Orleans this month. AIS is a global system for tracking the movement of vessels. It is intended to supplement marine radar and relies on ship, land and satellite-based systems to exchange data on ships’ position, course and speed and is used for everything from collision avoidance to security, ship-to-ship communications and weather forecasting.  AIS is required to be deployed on all passenger vessels and on international-voyaging ships […]

Continue Reading

Are You Creating A Culture of Security?

Here at The Security Ledger, we’ve written often about the barriers to improving the security practices of software development organizations. It is simple enough to say things like “we have to teach people to write code that is secure. But to actually accomplish that across the myriad of companies that do software development is akin to boiling the ocean. Still, it is a far more manageable problem at the level of a single organization. In fact: it is quite do-able. How? That’s the subject of a Google Hangout Security Ledger is doing this afternoon in conjunction with Veracode. The topic: creating a culture of security within your organization.  In the hangout, I will be speaking with Veracode’s Chris Eng and Greg Nicastro about how Veracode, itself, built its secure development culture from the ground up. This is going to be a great discussion. Greg is the Executive Vice President of […]

Continue Reading

Wearable Cameras Birth A New Biometric

  Wearable technology is a burgeoning category, and products like Google Glass and smart watches are just the beginning. As with mobile phones, on-board cameras are sure to be de rigueur. But, as this article over at The Verge notes, those cameras will present new challenges (for privacy) and new opportunities (for security). Specifically: cameras coupled with your body seem to create new kinds of opportunities to uniquely identify you. One example: gait biometrics. The Verge notes recent research published by Professor Shmuel Peleg and Yedid Hoshen of the Hebrew University of Jerusalem. Those researchers created a way to identify first-person filmmakers based on the signature wobble of their cameras. The identity of the user can be determined “quite reliably from a few seconds of video,” the researchers write in their paper. [Interested in biometrics and wearables? Check out our article “Are Wearables the Future of Authentication?“] “The idea of distinguishing one person from […]

Continue Reading

Intel’s New IoT Platform Emphasizes Security

Intel unveiled a new Internet of Things platform this week dubbed (surprisingly enough) the “Intel IoT Platform.” The goal is to provide a unified platform for connecting diverse and distributed connected things. Given Intel’s big investment in security with the purchase of McAfee, its no surprise that security is a big part of the “value add” for the IoT platform. Intel says that its IoT platform promotes interoperability of network, operational technology and information technologies. The IoT Platform envisions  Intel Quark™ to Intel Xeon, and Intel-based devices, gateways, and datacenter solutions with hardware-based root of trust. With hardware enabled identity and secure boot features, Intel believes that you can eliminate a wide range of malicious attacks and compromises. Intel’s IoT Gateway devices are based on its 2009 acquisition of WindRiver. They also wrap security intelligence from Intel’s acquisition of McAfee.  Specifically, Intel has embedded anomaly and intrusion detection and prevention capabilities in […]

Continue Reading
1 40 41 42 43 44 76