In-brief: Verizon said in its latest Data Breach Investigations Report that threats from Internet of Things technologies were more theory than practice in 2014, but that 2015 could see IoT devices play a role in breaches.
SQL injection
Research Warns of Cyber-Physical Attacks Against Vessel Tracking System
Researchers at Trend Micro report that an analysis of a vessel tracking system that is mandated on most large sea vessels has found that it is vulnerable to a range of possible software- and radio-based attacks. The vulnerabilities could be exploited in ‘cyber-physical’ attacks against the Automated Identification System (AIS) that directed ships off course or confused officials by mis-reporting the actual location of vessels, the researchers found. Trend Micro researchers Marco Balduzzi and Kyle Wilhoit presented their research at the Annual Computer Security Applications Conference (ACSAC) in New Orleans this month. AIS is a global system for tracking the movement of vessels. It is intended to supplement marine radar and relies on ship, land and satellite-based systems to exchange data on ships’ position, course and speed and is used for everything from collision avoidance to security, ship-to-ship communications and weather forecasting. AIS is required to be deployed on all passenger vessels and on international-voyaging ships […]
Cyber Security and IoT: Fundamentals Matter
I really struggled to come up with a clever analogy to start this post. In doing so I realized that this exercise was itself, the exact problem I was trying to describe. So much conversation about cyber security, especially cyber security for the Internet of Things (IoT), focuses on the sexy, the complicated, the one-in-a-million. In doing so, we ignore the most common threats and basic attacks. I would like to argue that if we are to effectively defend ourselves in this new IoT world, we cannot ignore the fundamentals of security. But let’s be honest: the basics are boring. I know that. Many of the practices that are most important are also the ones we’ve heard about before. As we look at them: there isn’t anything new there. That’s true – but I take that as proof that they are sound practices, worthy of keeping top-of-mind, rather than old knowledge that can be discarded. Here’s […]
