Security Ledger Editor in Chief Paul Roberts speaks with maritime cyber security expert Ruben Santamarta of IOActive about the recent spate of US Navy collisions and whether hacking may have played a role. Also: Alan Brill of Kroll’s cyber security division talks about pending legislation on Capitol Hill that would set standards for the Internet of Things. Finally, Paul speaks with Mary Loughlin of the firm Veracode about a recent survey that found almost two-thirds of computer science graduates don’t believe their security education prepared them for their current job.
Top Stories
Analysis: there is both Means and Motive for Cyber Attacks on Navy Vessels
In-brief: could cyber attacks have played a role in recent collisions between US Navy vessels and commercial ships? The short answer is yes. Regardless of what caused the most recent incidents, both the means and the motive exist to launch such attacks in the future.
Episode 59: Are Schools and Colleges Dumping Student Data? Also: was Devil’s Ivy a Dud?
Security Ledger publisher and Editor in Chief Paul Roberts speaks to Leah Figueroa, a Texas-based researcher who warns that colleges and universities – maybe even K-12 school districts – regularly divulge reams of student data to whoever asks, some of it so-called personally identifying information, or PII. Also: Paul talks with Assaf Harel about the future of the “Devil’s Ivy” vulnerability in gSOAP. Will it lead to the next Mirai botnet? Finally, Ashwin Almad of Endgame talks about a new Forrester survey that finds companies struggling to find the people and tools to prevent hacks and data leaks.
Was the Devil’s Ivy Vulnerability a Dud? Don’t Count on It.
In-brief: The Devil’s Ivy vulnerability in the open source gSOAP library is widespread and supposedly trivial to exploit. So why, one month later, haven’t we seen any attacks? Is Devil’s Ivy a dud? ‘Don’t count on it,’ security experts tell us.
Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms
In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. (Editor’s note: added comment by Chris Clark. Aug 9 2017 – PFR)