application security

Tesla Looks to Build Out Internal Hacking Team| Car and Driver Blog

Car and Driver has an interesting news item today on Tesla’s continuing efforts to build an internal team of software hackers to shore up the security of its connected cars.   C&D reports that Tesla is looking to hire up to 30 full-time employees from the hacking community, and used the recent DEFCON hacking conference in Las Vegas to recruit talented software hackers, reverse engineers and the assorted polymaths who attend. Tesla gave out tokens that could be exchanged for a tour of the Tesla factory at the show. “Our security team is focused on advancing technology to secure connected cars, setting new standards for security, and creating new capabilities for connected cars that don’t currently exist in the automotive industry,” Tesla spokeswoman Liz Jarvis-Shean told C&D. California-based Tesla has already been making the rounds of security conferences. It also made headlines for hiring Kristin Paget, a well-respected hardware hacker […]

Continue Reading

Update: Facebook awards $50K Internet Defense Prize for Work on Securing Web Apps

Saying that research dollars for cyber security are disproportionately devoted to work on “offensive” techniques (like hacking), social media giant Facebook has awarded two researchers  a $50,000 prize for their work on cyber defense. The company announced on Wednesday that Johannes Dahse and Thorsten Holz, both of Ruhr-Universität Bochum in Germany for their work on a method for making software less prone to being hacked. The two developed a method for detecting so-called “second-order” vulnerabilities in Web applications using automated static code analysis. Their paper (PDF here) was presented at the 23rd USENIX Security Symposium in San Diego. In a blog post announcing the prize, John Flyn, a security engineering manager at Facebook, said the Internet Defense Prize recognizes “superior quality research that combines a working prototype with significant contributions to the security of the Internet—particularly in the areas of protection and defense.” Dahse and Holz’s work was chosen by a panel […]

Continue Reading

Time for an Administrator of Things (AoT)? – Security Intelligence Blog

Trend Micro’s Security Intelligence Blog has an interesting post today that looks at the changing demands of networked environments populated by smart “stuff.” Their conclusion: homes and businesses might find increasing need for someone to manage smart devices. “Managing a household full of smart devices calls for the skills of both a multi-user IT administrator and a handyman. Let’s call this role the Administrator of Things (AoT).” As in the early days of business networks, this role is currently ill-defined, Trend notes, with “ordinary users” taking on AoT tasks despite “scant evidence that they are ready for it.” Trend’s Geoff Grindrod doesn’t take a strong position on what the implications of all this complexity. (“This is something that should be looked into,” the report says.) However, he does anticipate friction. “How well people can actually perform (the job of AoT) has a huge impact on their daily lives, which includes the security of their household,” […]

Continue Reading

Report: Android Shield Adds Invisible Encryption To Mobile Apps

Wired reports on a team from Georgia Tech that has designed software that acts as an overlay on Android smartphones’ communication applications, encrypting communications to and from those apps, while mimicking their user interface. The researchers describe the technology as a “transparent window” over apps that prevents unencrypted messages from leaving the user’s device. “The window acts as a proxy between the user and the app. But the beauty of it is that users feel like they’re interacting with the original app without much, if any, change,” says Wenke Lee, the Georgia Tech professor who led the developers. “Our goal is to make security that’s as easy as air. You just breathe and don’t even think about it.” The researchers call their prototype Mimesis Aegis, or M-Aegis, Latin for “mimicry shield.” They plan to present their research at the Usenix Security conference this week. Read more via Wired: This Android Shield Could […]

Continue Reading

How The UK’s HACIENDA Program Targeted Entire Countries

The folks over at Heise/c’t Magazin revealed leaked, classified documents to report on HACIENDA, a GCHQ program to deliver country-wide Internet reconnaissance for so-called “five eyes” nations, including the US (NSA), Canada and Australia. And, as Bruce Schneier points out – its not clear that these documents were from Edward Snowden’s trove of classified NSA materials. HACIENDA involves the large-scale use of TCP “port” scans to profile systems connected to the Internet, in addition to profiling of enabled applications. According to Heise, which published a classified slide deck. GCHQ claimed to have canvassed 27 countries through the program. A list of targeted services includes ubiquitous public services such as HTTP and FTP, SSH (Secure Shell protocol) and SNMP (Simple Network Management Protocol). The Heise report, prepared by Julian Kirsch, Christian Grothoff, Monika Ermert, Jacob Appelbaum, Laura Poitras and Henrik Moltke claim that HACIENDA’s goal was to perform active collection and map vulnerable services across […]

Continue Reading
1 22 23 24 25 26 47