This blog writes a lot about risk and the Internet of Things. Specifically: we talk about how smart, sensor-rich, connected devices create all kinds of new risks for enterprises and consumers. It goes without saying that feature development (and adoption) are running well ahead of pesky issues like secure design and deployment or data privacy. Smart companies are trying to put some brakes on that trend. (Witness Google prohibiting sensitive health data from its Android Wear platform.) But, by and large, companies are plowing ahead into IoT technologies without a lot of consideration of the risks. But there’s one industry where risk _is_ the business: the insurance industry. And there, the thinking about the potential of the Internet of Things is decidedly bullish. In fact, a recent report from the financial services research firm Celent (paywall) suggests that broad adoption of IoT technologies will revolutionize the way insurance companies market and sell to […]
Top Stories
Heartbleed Prompts Fiscal Lifeline For Open Source
One of the most powerful (and substantive) realizations to come out of the news about the ‘Heartbleed’ OpenSSL vulnerability was that open source projects need help and attention from the tech community that relies on their fruits. I’ve written about this before – noting Apple’s reluctance to put some of its considerable cash hoard towards supporting open source projects it relies on (like the Apache Software Foundation), as have others. [Read Security Ledger’s coverage of the Heartbleed vulnerability here.] Now that idea appears to have taken root. On Thursday, the Linux Foundation announced the creation of the Core Infrastructure Initiative, a multi-million dollar project to fund open source projects that are in the critical path for core computing functions. The CII group has some substantial backing. Google, Cisco, Microsoft, Facebook, Amazon, IBM, Intel, Samsung, Fujitsu and VMware all signed on to the CII Steering Committee. (Surprising (or not): Apple was not one of the firms supporting […]
Heartbleed: Technology Monoculture’s Second Act
Say ‘technology monoculture’ and most people (who don’t look at you cross-eyed or say ‘God bless you!’) will say “Microsoft” or “Windows” or “Microsoft Windows.” That makes sense. Windows still runs on more than 90% of all desktop systems, long after Redmond’s star is rumored to have dimmed next to that of Apple. Microsoft is the poster child for the dangers and benefits of a monoculture. Hardware makers and application developers have a single platform to write to – consumers have confidence that the software and hardware they buy will “just work” so long as they’re running some version of Windows. The downside, of course, is that the Windows monoculture has also been a boon to bad guys, who can tailor exploits to one operating system or associated application (Office, Internet Explorer) and be confident that 9 of 10 systems their malicious software encounters will at least be running some version of the […]
History Suggests Heartbleed Will Continue To Beat
The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason. Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMware, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]
IDS And The IoT: Snort Creator Marty Roesch On Securing The Internet of Things
Martin Roesch is one of the giants of the security industry: a hacker in the truest sense of the term who, in the late 1990s, created a wide range of security tools as a way to teach himself about information security. One of them, the open source SNORT intrusion detection system, turned into one of the most widely used and respected security tools in the world. SNORT became the foundation for Sourcefire, the company Marty helped found in 2001. And Sourcefire went on to fantastic success: first as a startup, then as a publicly traded company and, as of October of last year, as part of Cisco Systems, after the networking giant bought Roesch’s company for $2.7 billion. These days, Marty serves as a Vice President and Chief Architect of Cisco’s Security Business Group, where he’s helping shape that company’s strategy for securing the next generation of enterprise (and post-enterprise) networks. […]