cybercrime

BitSight: A Equifax For Security Risk?

I’ve opined in these pages and elsewhere that one of the big problems in the IT security space is the absence of actionable data. After all, problems like denial of service attacks, network compromises and inadvertent data leaks are all just risks that organizations and individuals must grapple with in our increasingly wired world. True – they’re new kinds of risks, but otherwise they’re not fundamentally different from problems like auto accidents, property crime or illness – things  that we do a good job accounting for. The difference, as I see it, is an absence of accepted and independent means of assessing the relative security posture of any organization. IT security is still so much dark magic: we rely on organizations to tell us about how secure they are. Organizations, in turn, rely on a complex and patchy network of security monitoring and detection tools, then try to read the […]

Continue Reading

With Settlement, FTC Issues Warning On IP-Enabled Cameras

The U.S. Federal Trade Commission (FTC) made one of its strongest statements to date on the issue of consumer privacy in the fast-emerging market for “smart” electronics: settling a complaint with the maker of SecurView, a line of home surveillance cameras that, it turned out, were just as easily used to spy into the homes of SecurView customers. In a statement on Wednesday, the FTC said that it settled a complaint against TRENDnet, the maker of the SecurView home security cameras. The FTC had charged the Torrance, California company with misrepresenting the security of its products. TRENDnet sold “faulty software that left (the cameras) open to online viewing” by anyone who knew the device’s IP address. Under the terms of its settlement with the Commission, TRENDnet must stop misrepresenting the “security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit,” as well as “the extent […]

Continue Reading

SANS’ Pescatore: Security Needs Rethink For Internet Of Things

Our friends over at InfoSecurity Magazine have an interesting interview with SANS’ Director of Emerging Security Trends John Pescatore about security and The Internet of Things. Pescatore gets a somewhat skeptical hearing from the enterprise-focused IT security publication. (“Granted, it’s unlikely that anyone would be sending a car an email with a malicious executable, but that doesn’t mean there aren’t threat vectors for hackers to exploit,” InfoSecurity opines, by way of an introduction. Oh really?) But Pescatore brings a “deep field” view to this topic, noting that the security issues around IoT are already upon us in the spent almost two decades as Gartner’s Obi-Wan Kenobi for security, where he advised companies and technology vendors on the best way to navigate the shifting sands of the IT security space. Speaking to InfoSecurity, Pescatore says the 100,000 foot message is: ‘let’s learn from our mistakes.’ Specifically, that means not looking at intelligent devices, including […]

Continue Reading
1 25 26 27