In-brief: IBM and Samsung are collaborating on a platform they say will help billions of connected devices interact securely. The technology, “blockchain,” is borrowed – in part -from the online currency Bitcoin, but has better applications as a transaction processing system.
If you consider how the Internet of Things is transforming the technology industry, one of the most interesting and thought-provoking areas to pay attention to is what we might consider technology “majors” – firms like HP and IBM and Cisco that made their mark (and their hundreds of billions) serving the needs of an earlier generation of technology consumers. How these established technology firms are pivoting to address the myriad challenges posed by the “Internet of Things” tells us a lot about how the IoT market is likely to shake out for consumers and – more pressingly- the enterprise.
Symantec on Sunday published research describing a new family of malware that it claims has been circulating, quietly, for close to six years. (Gulp!) According to a post on Symantec’s Security Response blog, Regin infections have been observed as far back as 2008, but the malware went quiet after about 2011, only to resurface in 2013 in attacks on a wide range of targets including private and public entities and research institutes. Symantec also observed the malware used in attacks on telecommunications firms and say it appears the malware was being used “to gain access to calls being routed through their infrastructure.” In a separate research paper, Symantec describes the malware, dubbed “Backdoor.Regin” as a multi-staged threat that uses encrypted components – installed in a series of stages – to escape detection. The key the malware’s stealth is compartmentalization, Symantec found: “each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible […]
Microsoft on Tuesday released a critical security patch outside of its normal, monthly software update cycle to fix what it described as a serious, privately reported vulnerability in Microsoft Windows Kerberos Key Distribution Center (KDC). If left unpatched, the security hole could allow an attacker to impersonate any user on a domain, including domain administrators. They could use that access to install programs; view, change or delete data; or create new accounts on any domain-joined system, Microsoft said. The security hole affects a wide range of Windows versions and is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, Microsoft said. Kerberos is an encryption technology that is the default authentication method for Windows systems, starting with Windows 2000. The Kerberos Key Distribution Center is a standard network service for issuing temporary session keys to users and computers […]
A group representing some of the leading foreign automakers who sell in the U.S. released guidelines to protect consumer data collected by in-vehicle technologies and make sure that car owners consent to the collection of everything from geolocation data to biometric identifiers. The group, Global Automakers, represents foreign auto manufacturers and original equipment makers (OEMs). The Privacy Principles document (PDF here) include guidance on issues like transparency, anonymity and security and are intended to set ground rules for the collection and use of driver or owner information by increasingly sensor-rich vehicles. “As modern cars not only share the road but will in the not too distant future communicate with one another, vigilance over the privacy of our customers and the security of vehicle systems is an imperative,” said Global Automakers President and CEO John Bozzella in a published statement. The Privacy Principles are voluntary are are based on the U.S. Federal Trade […]
