The German magazine Der Spiegel made headlines this week with its story detailing the US National Security Agency’s (NSAs) offensive hacking capabilities. The story is based on classified NSA documents absconded with by former contractor Edward Snowden and lays bare a Webster’s Dictionary full of classified hacking tools and programs. Among the highlights of the story: + The NSA developed and deployed a wide range of hacking tools that could compromise hardware from leading IT and networking equipment makers including Cisco Systems, Juniper Networks and the Chinese vendor Huawei and Dell Inc. + The NSA tools were designed to provide persistent access that allowed the NSA to monitor activity on the compromised endpoint, avoid detection by third party security software and survive software and firmware updates. One such tool, DEITYBOUNCE, provided persistent access to Dell’s PowerEdge servers by “exploiting the system BIOS” and using “System Management Mode to […]
Software
AT&T: Security A Top Issue For M2M In 2014
There’s an interesting 2014 predictions blog post by AT&T’s Mobeen Khan that offers some thoughts on where the market for Machine-to-Machine (or M2M) technology is going in the next 12 months. According to Khan, an Executive Director of Marketing at AT&T Business, the M2M space is poised to take off in the next twelve months, as consumer demand for “smart” devices grows in both developed and developing markets, and as the M2M application stack matures, attracting the interest of developers. With M2M technology maturing, and the “Internet of Things” exiting its “gee whiz” phase, firms selling the technology no longer need to worry as much about justifying the return on investment for M2M and IoT technology. As that happens, however, security will become the most pressing issue in the M2M space, Khan believes. “To date, companies deploying M2M solutions have looked to ROI as the #1 need. As the need/ROI of […]
Prediction: Rough Road Ahead in 2014 For Security and Internet of Things
With the New Year fast approaching, it’s (unofficially) ‘prediction season,’ when everyone worth their salt stares into the crystal ball and tries to imagine what the world will look like 12 months hence. To sort through our 2014 predictions, we called on Mark Stanislav, the chief Security Evangelist at Duo Security. Mark is a seasoned security researcher who has taken an interest in the security of the Internet of Things. Earlier this year, we wrote about research Mark did on the IZON Camera, an IP-enabled home surveillance camera that is sold by big-box retail stores like Best Buy, as well as by the Apple Store. Beneath the IZON’s polished exterior, the IZON was a mess of sloppy coding and poor security implementation, Stanislav discovered. Like many IoT devices, IZON cameras punted security to those responsible for the wireless network that it was deployed on – essentially trusting any connection from […]
A Christmas Hangover From Smart Devices
Editor’s note: This is reposted from Veracode’s blog. Just in time for the holidays, I received an e-mail by way of Electric Imp. If you’re not familiar with the “Imp,” (my phrase, not theirs), it’s a PaaS that makes it easy to build and connect smart devices. Among the cool gift ideas Electric Imp was promoting: a whole line of products produced by the company Quirky along with GE under the “Wink: Instantly Connected” products banner and available at Best Buy and other stores. There’s Egg Minder, an Internet-connected egg tray that tracks how many eggs you have left in your fridge, and how fresh each of them is. Not your thing? How about Nimbus? It’s a “customizable Internet-connected dashboard that lets you “track the data that affects your life, from commute times and weather to social media and more.” Nimbus looks like someone ripped the gauges out of a […]
Report: Cards Stolen From Target Used – at Target
The web site that first broke the news that data on millions of credit cards was lifted from box retailer Target now reports that those cards are being used to make fraudulent purchases at brick and mortar stores- including at Target itself. Writing on the website Krebsonsecurity.com, Brian Krebs said that so-called “dumps” of stolen card data are flooding underground “carder” web sites where cyber criminals fence stolen card information. Citing an unnamed source at a New England bank, Krebs said that the bank had, with his help, purchased about 20 cards for its customers that were offered for sale on rescator(dot)la, the carder web site, and confirmed that all the stolen cards had been used at Target. Furthermore, the source confirmed to Krebs that some of the stolen cards had already been used to make fraudulent purchases – including at Target and other big box retailers. Only one […]
