authentication Archives

authentication

New England IoT: A Conversation Next Week On Cloud, Security and Internet of Things

September 12, 2014 Paul Roberts

One of the challenges of talking about security in the context of Internet of Things is that the Internet of Things (IoT) isn’t a discrete technology, but an umbrella phrase that encompasses a lot of separate innovations: mobility, inexpensive sensors, wireless connectivity, Big Data and so on. One of the biggest moving parts in the IoT puzzle is cloud computing. Cloud infrastructure – whether its Amazon’s Elastic Compute Cloud (EC2) or Google or any of the thousands (millions?) of private cloud – is the back end for almost every IoT product. That presents both opportunities and real challenge for companies that are looking to leverage IoT in their workplace. Next week, I’m going to moderate a panel at an event here in Boston where we’ll tackle some of these issues head-on. The event: The Connected Cloud Summit is taking place in Boston on Thursday, September 18 at The State Room in downtown Boston. […]

Compromised Website Used In Attack On SoHo Routers

September 11, 2014 Paul Roberts

The folks over at the web security shop Sucuri have an interesting post today that warns of a web-based attack launched from the site of a popular Brazilian newspaper that is targeting home broadband routers. According to Sucuri, researchers investigating a breach at the web site politica . estadao . com . br uncovered evidence that the hackers were using iframe attacks to try to change the DNS configuration on the victim’s DSL router, first by trying a brute force attack on the router’s default credentials. According to Sucuri, the payload was trying to crack default accounts like admin, root, gvt and other common usernames and a variety of known-default router passwords. Small office and home office (or SoHo) broadband routers are an increasingly common target for cyber criminals because many (most?) are loosely managed and often deployed with default administrator credentials. [Read Security Ledger coverage of home router hacks here.] In March, the firm Team Cymru published a report describing a widespread compromise of […]

Samsung Expanding Mobile Management To Court Enterprise

September 10, 2014 Paul Roberts

Editor’s Note: this story was updated to note that Centrify is now known as Delinea. PFR Sept. 18, 2022 Apple stole the show this week, unveiling its new, larger iPhones and a smart watch that everyone is just calling iWatch, whether that’s the product’s name or not. But the rush of new products from Cupertino doesn’t change the fact that, behind the scenes, the battle for the hearts and minds of business users (aka “enterprises”) rages on between Apple, Google, Microsoft and Blackberry. iPhone 6 or no, the outcome of that battle is anything but clear. Case in point: Samsung will roll out new features this week for its KNOX-powered Android phones and tablets that are designed to appeal to security and privacy conscious business users. The new KNOX solution offerings, which will become public on Thursday, promise enterprises and government organizations the tools to simplify the implementation of BYOD (or Bring Your Own Device) programs. In […]

Ahead of Apple’s Announcement: The Security Implications of Wearables | Trend Micro

September 8, 2014 Paul Roberts

The world’s attention will be focused on Apple this week and on the topic of wearables. In an event on Tuesday, the Cupertino company is planning to unveil the latest additions to its popular iPhone line along with a wearable device that most folks are just calling the ‘iWatch.’ But as Apple wrestles with the security of its growing stable of mobile devices and the cloud infrastructure that supports them, what will the impact of wearables be? Well, the folks over at Trend Micro are putting together a series of blog posts that look at that very question. Namely: the (information) security implications of wearables. It makes for some interesting reading. Among other things, Trend There are three very broad categories that we can use to describe what we are talking about. The posts, by Senior Threat Researcher David Sancho, break down the wearables space into three categories: ‘IN’ devices like sensors, ‘OUT’ […]

Report: Apple IDs Targeted by Kelihos Botnet

September 6, 2014 Paul Roberts

There’s an interesting post over on Symantec’s blog about a shift noted in the behavior of the Kelihos botnet in recent days. According to Symantec, Kelihos operators have turned their attention to Apple customers, launching a phishing email campaign aimed at Apple iCloud users and Apple ID’s and passwords. According to the post, Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store. Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The body of the phishing email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and […]