Risk

Cars Become Gadget-ized, Govt. Warns On Privacy Risk

Your car is a lot more than just a car these days. Forget about the in-car entertainment system with the USB port and the iPhone jack. If you drive a late-model vehicle, it has been tricked out with hundreds of wireless sensors to monitor everything from tire pressure to braking and acceleration. These sensors communicate over a VAN – or Vehicle Area Network – that’s not all that different from the LAN that connects the computers, servers, printers and other peripheral devices in your office. Beyond that, automakers are taking their cue from mobile device makers- and for good reason. Apple booked $10 billion in sales through its AppStore in 2013 alone. That’s not too shabby, when you consider that much of that revenue came in $.99 increments! But, as Jessica Naziri (@jessicanaziri) noted in yesterday’s Los Angeles Times, cars are the new gadgets. After all, the Detroit Auto Show is still […]

Continue Reading

IoT Hackers Await Their Killer App

The next year will see the continued blurring of lines between the worlds of IT security and what we’ve come to think of as the ‘rest of our lives.’ But those who expect to see a large shift in malicious activity to the Internet of Things in 2014 will be disappointed.   That, according to a report from the security firm Trend Micro, which argues that Internet of Things malware and attacks are still a ways off – as cyber criminals await a “killer app” that will boost adoption and provide a common platform to attack. The prediction is part of “Blurring Boundaries,” a 2014 outlook report from Trend that argues IoT threats are mostly future-tech. “While we certainly think that attacks on IoT devices and the underlying architecture will be a major area of attack in the future, that future will not be until 2015 and beyond” writes Robert McArdle, […]

Continue Reading

US CERT Warns About Point-of-Sale Malware

With news of the breach of big-box retailer Target Inc. still in the headlines, the U.S. Computer Emergency Readiness Team (CERT) issued a warning about the danger posed by malicious software targeting Point of Sale (POS) systems. CERT issued an advisory (TA14-002A) on Thursday asking POS owners to take steps to secure the devices, and telling consumers to beware.  The warning comes after a string of reports that suggest that malware attacking point of sale systems is on the rise. In December, researchers from Arbor Networks said they had detected an “active PoS compromise campaign” to steal credit and debit card data that used the Dexter and Project Hook malware. Dexter is a Windows-based program that was first discovered in December, 2012 by Seculert, an Israeli security firm. It is still not known whether malware played a part in the huge theft of credit card data from Target Inc. That […]

Continue Reading

Are We Even Trying To Defend The Internet of Things?

Josh Corman has been a frequent mention on this blog. Josh, who is the Director of Security Intelligence at Akamai Technologies, joined me on the first episodes of Talking Code, speaking about application security and The Internet of Things. He talked candidly about the role that platform security played in his thinking about buying a new car. Well, a few months have passed and now Josh has the new car. But now that he has it, he’s thinking more than ever about the security problem as it pertains to the Internet of Things. In this video, from a TEDx event in Naperville, Illinois (right outside Chicago), Josh talks about his evolving theory of security on the Internet of Things. The IoT, he says, is a “tidal wave” of change that will transform our lives – connecting every aspect of life via software. But this growing amalgam of Internet connected stuff […]

Continue Reading

NSA Toolbox Included Hacks For Juniper, Cisco, Dell

The German magazine Der Spiegel made headlines this week with its story detailing the US National Security Agency’s (NSAs) offensive hacking capabilities. The story is based on classified NSA documents absconded with by former contractor Edward Snowden and lays bare a Webster’s Dictionary full of classified hacking tools and programs.   Among the highlights of the story: + The NSA developed and deployed a wide range of hacking tools that could compromise hardware from leading IT and networking equipment makers including Cisco Systems, Juniper Networks and the Chinese vendor Huawei and Dell Inc.   + The NSA tools were designed to provide persistent access that allowed the NSA to monitor activity on the compromised endpoint, avoid detection by third party security software and survive software and firmware updates. One such tool, DEITYBOUNCE, provided persistent access to Dell’s PowerEdge servers by “exploiting the system BIOS” and using “System Management Mode to […]

Continue Reading
1 30 31 32 33 34 36