The tech publication eWeek has an interesting interview with Sujata Ramamoorthy, the director for global information security for Cisco’s Threat Response, Intelligence, and Development (TRIAD) group about the impact of Internet of Things technology on the (already painful) shortage of IT security workers. According to Ramamoorthy, adoption of Internet of Things technologies and platforms will exacerbate the IT security worker shortage. “These trends are what are fueling the need for additional security skills in the industry, and because the networks themselves are getting more complex, the applications communicating over them are getting more complex,” she told eWeek reporter Rob Lemos. The increasing complexity of information infrastructure in IoT deployments, an explosion in the number of connected endpoints and a corresponding lack of visibility into cloud services all make the shortage of corporate security experts more critical, Ramamoorthy said. Already there is an estimated 1 million information-security staff and manager shortage globally, according […]
Risk
The Week in Data Breach: Pizza And Chinese Food
The news over the weekend was about more data breaches affecting chain restaurants. First, there are reports that the pizza chain Domino’s appears to have been hacked. The news came by way of an online post on Friday by a group claiming to have compromised servers used by Domino’s to store data on customers in France and Belgium. (Cached version of the announcement can be viewed here.) The group claims to have made off with information including the user name and password for 592,000 French customers and over 58,000 records from Belgian customers. It has asked Domino’s for payment of €30,000 in exchange for the data. The company has acknowledged the attack, but claims no customer financial data was stolen. In other news, the Chinese restaurant chain PF Chang’s acknowledged on Thursday that it was, indeed, the victim of a successful cyber attack that a breach last week that resulted […]
IPMI’s Inconvenient Truth: A Conversation With Dan Farmer
The work of brilliant computer security researchers often borders on a kind of madness. After all, it takes dedication and a certain amount of monomania to dig through the mush of disassembled source code or the output of application fuzzers and find the one software vulnerabilities – or chain of vulnerabilities – that might lead to a successful attack. Often, this work puts you at odds with what most of us consider “the real world.” Notably: the well-respected researcher Dragos Ruiu had many in the security community wondering about his sanity after he sounded the alarm about a super stealthy piece of BIOS malware he dubbed “BadBIOS” that seemed to be everywhere and nowhere, all at once. Dan Farmer finds himself in a similar position as he continues to sound alarms about the security threat posed by insecure implementations of the Intelligent Platform Management Interface (IPMI)– a ubiquitous protocol used to do remote […]
IPMI Insecurity Affects 200k Systems
It has been almost a year since security researcher Dan Farmer first warned of the danger posed by Intelligent Platform Management Interface (IPMI) – a ubiquitous protocol used to do remote management of servers. According to a new report, however, that warning went unheeded. Writing last week (PDF), Farmer said that a world-wide scan for systems using the Intelligent Platform Management Interface (IPMI) protocol identified over 230,000 Baseboard Management Controllers (BMCs) exposed to the Internet. As many as 90% of the exposed systems could be compromised by exploiting what Farmer characterized as “basic configuration and protocol weaknesses.” Even more worrying, the 230,000 systems that are Internet accessible are probably just a fraction of all the vulnerable systems that might be attacked, with many deployed on (hackable) corporate and private networks. Farmer is reiterating calls for public and private sector organizations to wake up to the dangers posed by IPMI. Hackers who are able to compromise Baseboard Management […]
Gameover Not The End: Zeus Malware Still Threatens Fortune 500
Prolexic, a division of Akamai, issued an advisory to Fortune 500 firms on Monday about what it calls “a high-risk threat of continued breaches from the Zeus framework.” The company’s Security Engineering & Response Team (PLXsert) said on Monday that it has observed new payloads from the Zeus crimeware kit in the wild, and that networks of Fortune 500 companies are a prime target. Cyber crime groups are using Zeus to steal login credentials and gain access to web-based enterprise applications, as well as online banking accounts, Akamai warned. “The Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai, in a statement. “It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries.” A variant of Zeus, Gameover, was the subject […]
