firmware Archives

firmware

Building an Unhackable Autonomous Vehicle – CityLab

September 11, 2014 Paul Roberts

The folks over at The Atlantic have an intriguing take on the subject of “connected vehicles” and autonomous driving. Now this is a vision that we’ve been chasing for more than 50 years (consider all the technicolor “highway of tomorrow” films from the 50s and 60s). And we’re on the cusp of realizing it. Google’s self-driving car is racking up the miles and automated features like hands free cruise control and collision avoidance are making their way into production vehicles. As Alexis Madrigal at The Atlantic’s (cool) CityLab writes, however, there’s one major fly in the ointment when you consider the super efficient, algorithmically driven road of the future: humans. Specifically: Madrigal, in the course of writing an article on how to build an ‘unhackable’ car poses a scenario that I think is very likely: humans who subvert or otherwise game vehicle automation features to suit their own needs. Imagining the orderly procession […]

Home Depot Acknowledges Breach of Payment Systems

September 8, 2014 Paul Roberts

Almost a week after public reports named Home Depot as a possible victim of a sophisticated cyber attack, the home improvement giant has acknowledged that it was hacked. In a statement on Monday, Home Depot said that an internal investigation confirmed a “breach of our payment data systems” took place. The breach affects the company’s U.S. and Canadian stores, though not its Mexican locations or online transactions, the company said. The incident also appears to have been long-lived. Home Depot estimates that the breach dates to April, 2014. The company did not say when it was finally shut down – though that date could be as late as July. Home Depot has been investigating the incident since it was first disclosed by Brian Krebs at the blog Krebsonsecurity. Krebs was alerted to the incident after large quantities of stolen credit cards began appearing on cyber criminal forums. Sources at […]

Tesla Looks to Build Out Internal Hacking Team| Car and Driver Blog

August 22, 2014 Paul Roberts

Car and Driver has an interesting news item today on Tesla’s continuing efforts to build an internal team of software hackers to shore up the security of its connected cars. C&D reports that Tesla is looking to hire up to 30 full-time employees from the hacking community, and used the recent DEFCON hacking conference in Las Vegas to recruit talented software hackers, reverse engineers and the assorted polymaths who attend. Tesla gave out tokens that could be exchanged for a tour of the Tesla factory at the show. “Our security team is focused on advancing technology to secure connected cars, setting new standards for security, and creating new capabilities for connected cars that don’t currently exist in the automotive industry,” Tesla spokeswoman Liz Jarvis-Shean told C&D. California-based Tesla has already been making the rounds of security conferences. It also made headlines for hiring Kristin Paget, a well-respected hardware hacker […]

Time for an Administrator of Things (AoT)? – Security Intelligence Blog

August 20, 2014 Paul Roberts

Trend Micro’s Security Intelligence Blog has an interesting post today that looks at the changing demands of networked environments populated by smart “stuff.” Their conclusion: homes and businesses might find increasing need for someone to manage smart devices. “Managing a household full of smart devices calls for the skills of both a multi-user IT administrator and a handyman. Let’s call this role the Administrator of Things (AoT).” As in the early days of business networks, this role is currently ill-defined, Trend notes, with “ordinary users” taking on AoT tasks despite “scant evidence that they are ready for it.” Trend’s Geoff Grindrod doesn’t take a strong position on what the implications of all this complexity. (“This is something that should be looked into,” the report says.) However, he does anticipate friction. “How well people can actually perform (the job of AoT) has a huge impact on their daily lives, which includes the security of their household,” […]

Was An IPMI Flaw Behind 300Gbps DDoS Attack? – ComputerworldUK.com

August 19, 2014 Paul Roberts

Computerworld UK has an interesting story that digs into a massive, 300 Gbps DDoS attack that used a flaw in the IPMI protocol to compromise 100,000 unpatched servers, which were then used to send junk traffic to the victim site. The attack was documented by the security firm VeriSign in its quarterly threat report. The flaw, in the Intelligent Platform Management Interface (IPMI) is a well-documented security hole that affects a wide range of devices. The attack in question took place in June and targeted what Verisign described as a content delivery network (CDN) in the media and entertainment sector. The attack combined a variety of techniques, including SYN, TCP and UDP protocols to flood a target data center. The attacks reached a peak traffic volume 300 Gbps and lasted more than a day, prompting Verisign to balance the load across its global network. Verisign attributed the massive volume of the attack to a botnet made up […]