authentication

You’re Invited: A Conversation on Password Security and Targeted Attacks

A note to Security Ledger readers that I’ll be facilitating a really interesting conversation this afternoon on password (in)security and how weak user authentication can undermine even the best laid security plans. The SANS Webinar, Security for the People: End User Authentication Security on the Internet” kicks off at 3:00 PM Eastern today (12:00 PM Pacific). You can register to join us using this link.   My guest is DUO Security researcher Mark Stanislav, a frequent Security Ledger contributor and one of the smartest guys out there when it comes to passwords, authentication and securing the Internet of Things. There’s plenty to talk about: weak authentication schemes are the root cause of any number of prominent breaches – from the recent attacks the Apple iCloud accounts of A-list celebrities, to the breach at retailer Target (reportedly the result of a phishing attack on an HVAC contractor that Target used.) Mark and I […]

Continue Reading

The Key to Security in the Internet of Things – IEEE Spectrum

IEEE Spectrum has an article that provides a nice overview of security and privacy issues on the Internet of Things. The article by Mark Anderson highlights a number of the issues that have cropped up on these pages as well, namely: the rush to market in the consumer IoT space (much of it driven by crowd funding sites like IndieGoGo and Kickstarter) the lack of a strong business case for (consumer) manufacturers to build security into IoT products the tendency of large manufacturers to pursue siloed security standards that thwart efforts to build  devices interconnect with other IoT infrastructure (other devices, routers, etc.) So far efforts to coordinate IoT development around a single platform or set of standards have been reduced to predictable turf battles: Google’s Thread versus multi-vendor efforts like TheAllSeen Alliance,  The Open Interconnect Consortium, The Industrial Internet Consortium versus Apple HomeKit and HealthKit and others. In the […]

Continue Reading

Concept Worm Could Spread Between Networked Attached Storage Systems

Kelly Jackson Higgins over at Dark Reading has a really interesting story about a researcher who is building a NAS worm. That’s right: some automated malware that will be capable of roaming the Internet finding and compromising consumer network attached storage (NAS) devices. Higgins interviewed Jacob Holcomb, a security analyst at the firm Independent Security Evaluators, has rolled more than two dozen previously unknown and undiscovered (‘zero day’) software vulnerabilities in NAS products into a proof-of-concept, self-replicating worm. According to Higgins, the worm scans for vulnerable services running on NAS systems — mostly web servers — and identifies the type of NAS device and whether it harbors the bugs. If a known, vulnerable platform is discovered, the worm launches the corresponding exploit from its quiver to take control of the device. Compromised devices are then used to scan for other, similar devices. Holcomb has already informed affected vendors – a list that includes […]

Continue Reading

Consumers Embrace IoT And Wearables, Worry About Security Consequences

A new survey of consumer attitudes and expectations about technology finds that a strong majority of Americans expect wearable technology and biometric security to be common within the next decade. The survey, sponsored by the security company McAfee, asked 1,500 U.S. consumers about lifestyle and technology trends in the home and workplace. The results suggest that consumers are already adjusting their expectations about the future to include pervasive connectivity, a wealth of intelligent devices – and some of the problems that come with both. More than 60% of those surveyed by McAfee said they anticipate having connected appliances like refrigerators that will “automatically add food to a running grocery list if the product is running low.” A strong majority of those polled – 84% – said they were convinced their home security systems will be connected to their mobile device. “As technology, especially the Internet of Things, continues to rapidly advance and […]

Continue Reading

How Big Data holds the Key To Securing the Internet of Things

I’m seeing a lot of pre-conference promotion of content from the big Internet of Things Expo out in Santa Clara in early November. One interesting presentation that is worth checking out (the slides are already online) is James Kobielus’s talk on how IT professionals should address the security challenges of IoT. Kobielus is IBM’s program director for Big Data analytics product marketing. In his presentation, he tackles the question of whether the Internet of Things is (to use his words) “too big, diverse, pervasive,  and dynamic to secure comprehensively?” [Read our coverage of Internet of Things security here. ] After all, history will show that we’ve done – at best – a so-so job of securing the Internet of machines. How will adding a few zeros to the number of connected endpoints make things better? IoT will undermine even the tenuous walls we’ve built around our existing IT infrastructure: moving us to a […]

Continue Reading
1 10 11 12 13 14 19