Recent Posts

Blade Runner Redux: Do Embedded Systems Need A Time To Die?

The plot of the 1982 film Blade Runner (loosely based on the 1968 novel Do Androids Dream of Electric Sheep by Philip K Dick) turns on the question of what makes us ‘human.’ Is it memories? Pain? Our ability to feel empathy? Or is it merely the foreknowledge of our own certain demise? In that movie, a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them.  In essence: the replicants want to become immortal. It’s a cool idea. And the replicants – pre-loaded with fake memories and histories – pose an interesting philosophical question about what it is that makes us humans. Our artificial intelligence isn’t quite to the ‘replicant’ level yet (the fictional tale takes place in 2019, so we have time). But some […]

Continue Reading

Unknown Knowns: Arbor Warns Of Widespread Point of Sale Compromises

The hack of U.S. retailer Target put attacks on point of sale systems on the radar, and prompted major retailers to revisit the security of the systems that accept credit card transactions. Now research from Arbor Networks is warning that hackers and cyber criminals are doubling down on point of sale (PoS) systems with a wide range of specialized PoS malware and targeted attacks. Arbor says it has data suggesting that PoS compromises may be widespread, and undetected. Arbor’s Security Engineering & Response Team (SERT)  issued its findings in a Threat Intelligence Brief (2014-6)  report. The company said that “ambitious threat actors” are using targeted attack campaigns against PoS networks. The “longevity and extent” of PoS attack campaigns – even at wealthy and sophisticated organizations – is “a serious concern.”   [Read Security Ledger’s coverage of the Target data breach here.] “In organizations with security teams and well-managed network infrastructure, point of […]

Continue Reading

No Silver Bullet For Securing The Internet Of Things

On Wednesday we wrapped up the first-ever Security of Things Forum (SECoT) here in Boston, which was a great success. During a full day of talks and panel discussions, there was a lot of discussion – both on the stage and in the audience. Here are some (high level) take aways from the event: The Internet of Things will be different – really different The combination of technologies that we refer to as the Internet of Things is going to be transformative in ways that are profound. As I said in introductory comments: I see the net effect of this next phase of the Internet as being a leap forward, rather than incremental change – less “invention of the printing press” and more “invention of writing and counting systems.”   Like Internet v.1, the exact direction that the Internet of Things will take is unclear. What is clear is that it […]

Continue Reading

Security and Internet of Things: Can We Talk?

Many of you who have been following this blog know that the Security Ledger is particularly interested in covering the (fast) evolving border line between “traditional” IT security and the terra incognito of the Internet of Things. This week, we’re taking that discussion to the next level with our first-ever event: The Security of Things Forum (or SECoT for short). SECoT is going to be an amazing day of discussion and debate about what I consider one of the foremost challenges facing the technology community in the next decade: securing a rapidly expanding population of intelligent and Internet-connected devices. [Register for The Security of Things Forum here. Use the Promo Code SLVIP to get 20% off!]   Attendees will hear an address by Dr. Dan Geer, the Chief Security Officer at In-Q-Tel, the U.S. Central Intelligence Agency’s investment arm. Dan is one of the smartest and most prescient thinkers in the security world, […]

Continue Reading

Is Pavlovian Password Management The Answer?

Something hit me straight in the face that may be a method for inducing cognitive awareness to end users in regards to password management. Ironically this also has a side effect of scalability when managing password changes. It isn’t completely flushed out but I wouldn’t mind getting some opinions on this. I am thinking of prototyping this in a PAM module in my spare time. Here goes… For end users we have been trying to get users to understand the importance of constructing good passwords. We provide guidance on what a good password is (even though the guidance that I have seen is still usually unacceptable in most places when compared to NIST guidelines). We spend a lot of time telling the user to “do this because security experts advise it, or it’s part of our policy” but we don’t really provide an incentive or an understanding of why we tell them to do this. Well humans are programmable, and the best […]

Continue Reading
1 329 330 331 332 333 396