Opinion

APT or fANTasy: The Strange Story of BadBIOS

Yesterday over on Veracode’s blog I wrote about the ongoing saga of “BadBIOS” – a piece of malicious software that might be the most sophisticated virus ever written, or a figment of the imagination of Dragos Ruiu, the esteemed security researcher who says he discovered it on systems he owned. The story of BadBIOS reads like something out of science fiction. Ruiu has described it in interviews and blog posts as BIOS-based malware that can back door systems running a variety of operating systems – OS X, Windows and even OpenBSD. But it’s also described as an ephemeral kind of ‘we-don’t-know-what,’ that can’t be isolated or analyzed. One Twitter follower of Ruiu’s suggested designating it a “heisenbug” which he defined as “a software bug that seems to disappear or alter its behavior when one attempts to study it.” That would be funny if this weren’t deadly serious. For, really, one […]

Continue Reading

Supply Chain Transparency Doesn’t Extend To Security

We live in an ever-more unstable world in which massive disruptions, whether natural or man-made, are a frequent occurrence. Companies that make everything from aircraft to mobile phones to cappuccino need to be nimble – sidestepping global calamities that might idle assembly lines or leave customers without their morning cup of coffee.  As in other areas, the benefits of technology advancements like cheap, cloud based computing, remote sensors and mobility are transforming the way that companies manage their vast, global network of suppliers. These days, supply chain transparency is all the rage – allowing companies to share information seamlessly and in realtime with their downstream business partners and suppliers. Firms like the start-ups Sourcemap, and LlamaSoft are offering “supply chain visualization” technology that leverages a familiar formula these days: mobility, social networking, crowd-sourced intelligence, and “Big Data” analytics. [There’s more to read about supply chain security on The Security Ledger.]  However, as […]

Continue Reading

Week In Security: NSA Spies on Yahoo & Google, Adobe Hack and Healthcare.gov

There’s nothing like a Sunday morning for looking back over the week’s events and trying to make sense of at all – or at least what sense there is to be had. This Sunday was no different – especially after a week that saw continued revelations stemming from Edward Snowden’s leak of classified intelligence on NSA spying, the massive hack of software maker Adobe. Then there was the botched rollout of the federal Healthcare.gov marketplace – which morphed into an even bigger, uglier problem as the week progressed. To help me sort it all out, I called on Nick Selby, the CEO of StreetCred Software and an authority on cyber security, law enforcement, government procurement, Russia, Germany, aviation, travel journalism and all manner of other topics. I love talking to Nick because his wealth of life and professional experience make him predictably unpredictable when it comes to interpreting current events. […]

Continue Reading

Microsoft Tests Glass Competitor. But Do Wearables Threaten Privacy, Social Norms?

Forbes has a really interesting article a couple of days back that posited the huge dislocations caused by wearable technology – including front-on challenges to social norms that are thousands of years in the making and contemporary notions of privacy. The applications for wearable technology like Google Glass are too numerous to mention. Just a few include “heads up” displays for surgeons in the operating room. Teachers (or their students) could benefit from having notes displayed in their field of vision, rather than having to resort to printed notes or the (dreaded) Powerpoint slide. But the devil is in the details of the wearable technology, Forbes argues. Unlike external devices – pagers, mobile phones, smart phones – wearable tech is more intimately connected to ourselves: in constant contact with our bodies and notifying us with vibrations and sounds in ways that it may be difficult to ignore, Forbes argues. Indelicately implemented, […]

Continue Reading

IT Risk And The Zombie Apocalypse: Surviving The Onslaught

One of the most vexing problems that faces IT organizations these days is how to measure their relative risk of being hacked or otherwise attacked. This sounds like pretty dry stuff, but it’s not. Failing to adequately account for your risks and exposure can mean the difference between swatting away an annoying intrusion attempt, and watching as foreign competitors or nation-states siphon off your critical intellectual property, bleeding your company of its competitiveness. But raising the alarm about this is always a tricky matter. Soft pedal it, and nobody takes you seriously. Scream from the rafters and …well…you’re screaming from the rafters. My friend and former colleague Josh Corman, however, found a good metaphor for the whole affair: the ZOMBIE APOCALYPSE. It’s all a bit of fun – though Mr. Corman is dead serious about the zombie stuff. Still, the idea is simple: attacks on your network and those of […]

Continue Reading
1 35 36 37 38