In-brief: The security firm Bluebox says the mobile applications used with Hello Barbie contain security flaws that could lead to the theft of passwords and other information. Update: this story was updated to include comment from Bluebox and ToyTalk. PFR 12/4/2015
OpenSSL
Firm Finds Crypto Keys Recycled on Thousands of Devices
In-brief: Encryption keys used to secure data on embedded devices, and communications between them, are being recycled, creating a huge vulnerability that malicious hackers could exploit to snoop on sensitive communications or impersonate devices.
Tech, Retail Firms Propose Privacy Standards for Internet of Things
In-brief: The Online Trust Alliance, a group representing some of the largest technology and retail firms in the U.S., has proposed a framework for ensuring the privacy and security of connected devices. The OTA proposal would eliminate some of the more egregious data harvesting practices of connected device makers.
Unpatched Vulnerabilities Common on Docker Hub Images
In-brief: A survey from the firm Banyan finds that official and general repositories on Docker Hub are rife with serious and exploitable software vulnerabilities, including Heartbleed, Shellshock and Poodle.
The Evolving CISO: A Conversation with Dell’s Alan Daines
In-brief: Tune in to our conversation with Dell CISO Alan Daines on Friday, May 29th at 1:00 PM ET.