A group of security enthusiasts, including some leading figures in the IT security industry, have pledged their hard-earned cash toward a bounty for the first hacker who can fool Apple’s new iPhone 5s Touch ID fingerprint scanner using a fingerprint lifted without the owner’s consent. A web site, istouchidhackedyet.com, has been set up to coordinate the campaign, with more than $14,000 in pledges committed (via Twitter posts) from a Who’s Who of the IT security community. The project was the brainchild of Robert David Graham of Errata Security (@ErrataRob) and Nick De Petrillo (@nickdepetrillo) of Crucial Security, who launched the contest and set up the web site to collect donations. Security luminaries from across the globe chipped in funds to build a bounty, including Travis Goodspeed ($50) and Nick Percoco (@c7five) of the security firm Trustwave ($250). The largest single donation – $10,000 – came by way of Arturas Rosenbacher (@arturas) […]
Technologies
Internet of Things Demands New Social Contract To Protect Privacy
Changes brought about by the Internet of Things demands the creation of a whole new social contract to enshrine the right to privacy and prevent the creation of technology-fueled Orwellian surveillance states in which individual privacy protections take a back seat to security and “control.” That, according to an opinion piece penned by the head of the European Commission’s Knowledge Sharing Unit. Gérald Santucci, in an essay written for the web site privacysurgeon.org, argues that technology advances, including the advent of wearable technology and the combination of inexpensive, remote sensors and Big Data analytics threaten to undermine long-held notions like personal privacy and the rights of individuals. The essays says that current approaches to data protection are “largely inadequate” to the task of reigning in the asymmetrical changes wrought by new technology. “Data collection and video surveillance will continue to grow as ubiquitous computing pervades almost all areas of our […]
Welcoming A New Sponsor: Mocana
You’ll notice some new artwork gracing The Security Ledger this week, and that’s because we’ve welcomed a new sponsor to the family: Mocana. I’d like to officially welcome them to the Security Ledger family. This is a big win for Security Ledger. Mocana will join Veracode, The Trusted Computing Group and Gemalto in underwriting The Security Ledger’s coverage of IT security news and the intersection of security with The Internet of Things (IoT). But we also win the support of a company that is all about IoT. If you haven’t already checked out Mocana, I’d urge you to do so. Launched in 2004, the company’s expertise is in securing non-traditional endpoints. Mocana’s Device Security Framework, a suite of device-resident security software that is embedded into devices during the manufacturing process. DSF is a platform that supports a wide range of security functions, both through Mocana-created security modules and support of other […]
World-is-Flat Author Weighs In On Internet Of Things
Those of you who don’t religiously read the Op-ed page of The New York Times, but who are interested in the Internet of Things, probably want to surf on over to the Times’s web site to check out Thomas Friedman’s opinion piece “When Complexity Is Free” from the Sunday Times. There are a couple of points, here. Friedman is one of the most astute observers of the geopolitical zeitgeist. His 2005 book The World Is Flat talked about the confluence of technologic innovation, the Internet and economic globalization. It is one of the most widely read works of “business writing” of the last century and helped explain, for the public and policymakers, the tectonic changes taking place in emerging and mature economies worldwide. Friedman’s stature as a trend-spotter (see #1) means that, when he says something is important (as he did with IoT this week) important folks take notice. In the […]
BitSight: A Equifax For Security Risk?
I’ve opined in these pages and elsewhere that one of the big problems in the IT security space is the absence of actionable data. After all, problems like denial of service attacks, network compromises and inadvertent data leaks are all just risks that organizations and individuals must grapple with in our increasingly wired world. True – they’re new kinds of risks, but otherwise they’re not fundamentally different from problems like auto accidents, property crime or illness – things that we do a good job accounting for. The difference, as I see it, is an absence of accepted and independent means of assessing the relative security posture of any organization. IT security is still so much dark magic: we rely on organizations to tell us about how secure they are. Organizations, in turn, rely on a complex and patchy network of security monitoring and detection tools, then try to read the […]
