endpoint security Archives

endpoint security

Security and The Internet of Things: An RSA Roadmap

February 21, 2014 Paul Roberts

The RSA Security Conference starts next week in San Francisco: the central event of a week-long orgy of IT security wheeling and dealing in the Bay Area. Though its roots are as a small and clubby gathering of cryptographers, RSA long ago stopped being that, and started resembling a kind of speed dating event for technology and IT security firms. Sure – there are plenty of interesting talks at RSA, but the important work takes place in private suites of adjoining hotels and chance encounters in the halls of the Moscone. If there’s a big IT security deal in the offing – like IBM’s $1 billion acquisition of Trusteer, or FireEye’s purchase of the firm Mandiant – chances are good that the conversation started at RSA. Long and short: RSA is a snapshot of the security industry at a particular place and time. As such, it tends to be a […]

Snowden RSA Controversy Just One Of Many Facing Security Industry

February 17, 2014 Paul Roberts

In a little more than a week, executives from world’s leading technology firms will gather in San Francisco for the RSA Conference, the cyber security industry’s biggest show in North America. No hacker con, RSA is something akin to corporate speed dating for companies in the security industry. But, like so much else in the technology world, this year’s conference has become mired in controversy stemming from Edward Snowden’s leak of classified documents related to government surveillance. In December, Reuters broke the story that, among the documents leaked by Snowden was evidence that RSA, the security division of EMC and parent company to the conference, accepted a $10m payment from the NSA to implement what turned out to be a vulnerable encryption algorithm as the default option for its BSafe endpoint protection product. RSA, the security division of EMC, has denied the allegations that it accepted the money while knowing that […]

Veterans Targeted In Attack Using IE 10 Zero Day

February 13, 2014 Paul Roberts

Visitors to the web site of the Veterans of Foreign Wars (VFW) are being targeted in an attack that exploits a previously unknown hole in Microsoft’s Internet Explorer 10 web browser, according to warnings Thursday by security firms. Some visitors to the web site of the Veterans of Foreign Wars (VFW), vfw[dot]org, were the victim of a ‘watering hole’ attack that takes advantage of a previously unknown ‘use-after-free’ vulnerability in Microsoft’s Internet Explorer 10 web browser. The VFW site was hacked and then altered to redirect users, silently, to a malicious website programmed to exploit vulnerable versions of IE 10 on systems running 32 bit versions of the Windows operating system. The VFW did not immediately respond to e-mail and phone requests for comment. According to a write-up by the security firm FireEye, the vulnerability allows the attacker to “modify one byte of memory at an arbitrary address” stored […]

Uncle Sam Makes Mobile, Medical Device Security a Priority in 2014

February 10, 2014 Paul Roberts

The U.S. Department of Health and Human Services (HHS) says that it will make the security of mobile devices containing personal health information and networked medical devices areas of intense scrutiny in 2014. The security of a wide range of devices, from laptops and USB ‘jump drives’ to networked medical devices like dialysis machines and medication dispensing systems will be under review, according to a 2014 Work Plan issued by HHS’s Office of the Inspector General (OIG). (PDF) Among other projects, the OIG will review hospitals’ plans to protect the loss of protected health information (PHI), as well as similar plans put in place by Medicare and Medicaid contractors in the next year. OIG will also scrutinize security controls at hospitals that protect networked medical devices. OIG wants to determine if the controls in place are adequate to secure electronic protected health information stored on medical devices. Links between networked […]

FTC Approves Settlement Over Leaky Surveillance Cam

February 10, 2014 Paul Roberts

The US Federal Trade Commission (FTC) announced on Friday that it has approved a settlement with TRENDnet, Inc. over lax security features in its line of SecurView cameras. The FTC said on Friday that it has approved a final order settling charges against the company, whose cameras were found to be poorly secured against external attackers, who could access them and use them to spy on the homes and private lives of hundreds of consumers. [See also: Apple Store Favorite IZON Cameras Riddled with Holes] The FTC complaint stems from a February, 2012 case in which independent security analysts with the web site Console Cowboys published details on how a firmware flaw allowed authentication for Internet-connected SecurView cameras to be bypassed, giving any Internet user (with the know-how) the ability to view the surveillance camera’s live feed. The Commission first announced a settlement with TRENDnet, a Torrance, California company, in September of […]