news

Has the IoT Standards Train Already Left the Station?

The Harvard Business Review has an interesting blog post from last week that looks at the effort to develop standards and promote RFID (Radio Frequency ID), a kind of Ur-technology for our current Internet of Things. Writing on the HBR blog, Thomas Davenport and Sanjay Sarma note that the effort to develop RFID standards, led by MIT’s Auto-ID Labs, provides a possible model for the development of cross-vendor standards for the Internet of Things. However, the authors caution that it may already be too late to achieve consensus on standards to govern Internet of Things communications, given the heavy investment of large and wealthy technology companies in the standards process. One of the most successful elements of the RFID standards effort, which developed and promoted the EPCGlobal standard, was close collaboration between academics, technology vendors and end users.End users of the RFID technology – notably retailer WalMart, Procter & Gamble and […]

Continue Reading

Wellness Apps & Wearables Put You up for Sale | SANS Institute

  The SANS Institute’s Securing the Human blog has a nice, contributed article by Kelli Tarala of Enclave Security on the security and privacy implications of wearable technology. Among Tarala’s conclusions: health and so-called “quantified self” products do much more than gather health data like pulse and blood pressure. Rather: they are omnivores, gobbling up all manner of metadata from users that can be used to buttress health data. That includes who you exercise with, favorite walking- and jogging routes and the times you prefer to work out. Of course, social media activity is also subject to monitoring by these health apps, which often integrate with platforms like Facebook, Twitter and Pinterest to share workout information. [Read more Security Ledger coverage of wearable technology here.] All of this could spell trouble for consumers. To quote Tarala: “there are companies interested in your Quantified Self, but their goals may not be to health related.” […]

Continue Reading

Top News Sites Hacked, Syrian Electronic Army Claims Responsibility

The hacktivist group the Syrian Electronic Army claimed responsibility yesterday for a series of hacks of high-profile news sites including CBC News and The New York Times. The group, which has targeted western news outlets in prior incidents, claimed responsibility for the attack, in which visitors reported seeing a pop-up message informing visitors of the compromise. Through a Twitter account group claimed to have used the domain Gigya.com, which sells identity management services to corporations. The attackers manipulated Gigya’s account at domain registrar GoDaddy. Gigya’s operations team released a statement Thursday morning saying that it identified an issue with its domain registrar at 6:45 a.m. ET. The breach “resulted in the redirect of the Gigya.com domain for a subset of users,” CBC reported. Read more via Syrian Electronic Army claims hack of news sites, including CBC – Technology & Science – CBC News.

Continue Reading

NIST Sets Course For Handling Sensitive Data

The Snowden leaks were a wake-up call for U.S. Government agencies that the tools and processes to protect classified and sensitive data were woefully out of step with the current environment of small, capacious storage devices and powerful cloud-based secure communications and hosting platforms. But what about all the data that is stored on systems belonging to the (many) contractors that the government works with? Last week brings some clarification: a draft document from the National Institute of Standards and Technology (NIST) “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.” (Draft Special Publication 800-171). The new NIST document outlines steps for protecting sensitive unclassified federal information that resides in nonfederal information systems and environments. Those include non-federal information systems that lie outside of the scope of existing laws like the Federal Information Security Management Act (FISMA) and any components of nonfederal systems that process, store, or transmit CUI. Read more […]

Continue Reading

Surprise: Branding a Bug is just as Hard as Branding Anything Else!

ZDNet’s @violetblue has a nice piece on the new fad for naming vulnerabilities – seen most recently with the OpenSSL Heartbleed vulnerability and the “Shellshock” vulnerability in Linux’s common BASH  utility. As Blue notes, the desire to “brand” bugs “changes the way we talk about security” – in part by giving complex, technical flaws down a common referent. But does giving a bug a logo make it frivolous? As she notes: the penchant for naming vulnerabilities may stem not from a desire to trivialize them – but a very practical response to the need to keep track of so many security holes in software. Regardless, Heartbleed – and the marketing by the firm Codenomicon that surrounde it – was the bug that launched a thousand ships, including Shellshock, Sandworm, and more. Read more coverage of Heartbleed here. But, as with . As security research and incident response are becoming more lucrative, expect the masonry […]

Continue Reading
1 43 44 45 46 47 76