encryption Archives

encryption

Cisco Eyes Security Services For Connected Cars

January 22, 2014 Paul Roberts

Connected vehicles are a big new area of investment. We saw evidence of that at the recent Consumer Electronics Show (CES) and we’re hearing a lot more about it this week, as carmakers strut their stuff at the North American International Auto Show. Security isn’t generally part of the conversation, but as we’ve noted here on more than one occasion: connected vehicles introduce a myriad of challenging security problems, from authentication to communications and system integrity, not to mention data privacy. [Read more Security Ledger coverage of connected vehicles here.] Now networking giant Cisco says that it sees a role for its technology in protecting vehicle area networks (VANs), just as the company’s networking equipment enabled and protected local and wide area networks (LANs and WANs) over the last two decades. In a blog post, Cisco said it is rolling out “a range of products and services” that it […]

Cisco Survey: 100% of Fortune 500 Hosting Malware?

January 16, 2014 Paul Roberts

If you’re working in IT at a Fortune 500 firm, Cisco Systems has some unwelcome news: you have a malware problem. According to the 2013 Annual Security Report from the networking giant, 100 percent of 30 Fortune 500 firms it surveyed sent traffic to Web sites that host malware. Ninety-six percent of those networks communicated with hijacked servers operated by cyber criminals or other malicious actors and 92 percent transmitted traffic to Web pages without content, which typically host malicious activity. “It was surprising that it was 100 percent, but we know that it’s not if you’re going to be compromised, but when,” said Levi Gundert, a technical lead in Cisco’s Threat Research, Analysis and Communications (TRAC) group in an interview with The Security Ledger. Among the high points (or low points) in Cisco’s Report: Cisco observed the highest number of vulnerabilities and threats on its Intellishield alert service in the 13 years […]

CES: The Security Questions Nobody Wants You To Ask

January 6, 2014 Paul Roberts

A note that CES – the Consumer Electronics Show – is once again upon us. Prepare yourself for three or four days of tipsy reporting from the mainstream media about all the gee whiz gadgets that will soon be yours…or not. Let’s face it: a lot of what’s shown at CES is proof of concept stuff and some of it is just too downright silly to ever catch on. Remember HAPIFork? The “smart” fork that would warn you when you were shoveling grub into your maw too quickly? Right. Product security and data privacy are almost always lost in the excitement over the new gadgets and the TUSs. (Televisions of Unusual Size? I don’t think they exist!) That’s why, over on the Veracode blog, I put together a quick list of impertinent questions that every security-minded CES attendee should have at their fingertips. The questions cover a wide range of […]

US CERT Warns About Point-of-Sale Malware

January 3, 2014 Paul Roberts

With news of the breach of big-box retailer Target Inc. still in the headlines, the U.S. Computer Emergency Readiness Team (CERT) issued a warning about the danger posed by malicious software targeting Point of Sale (POS) systems. CERT issued an advisory (TA14-002A) on Thursday asking POS owners to take steps to secure the devices, and telling consumers to beware. The warning comes after a string of reports that suggest that malware attacking point of sale systems is on the rise. In December, researchers from Arbor Networks said they had detected an “active PoS compromise campaign” to steal credit and debit card data that used the Dexter and Project Hook malware. Dexter is a Windows-based program that was first discovered in December, 2012 by Seculert, an Israeli security firm. It is still not known whether malware played a part in the huge theft of credit card data from Target Inc. That […]

Are We Even Trying To Defend The Internet of Things?

January 2, 2014 Paul Roberts

Josh Corman has been a frequent mention on this blog. Josh, who is the Director of Security Intelligence at Akamai Technologies, joined me on the first episodes of Talking Code, speaking about application security and The Internet of Things. He talked candidly about the role that platform security played in his thinking about buying a new car. Well, a few months have passed and now Josh has the new car. But now that he has it, he’s thinking more than ever about the security problem as it pertains to the Internet of Things. In this video, from a TEDx event in Naperville, Illinois (right outside Chicago), Josh talks about his evolving theory of security on the Internet of Things. The IoT, he says, is a “tidal wave” of change that will transform our lives – connecting every aspect of life via software. But this growing amalgam of Internet connected stuff […]