Recent Posts

Is Analog The Answer To Cyber Terrorism?

Ralph Langner is one of the foremost experts on the security of critical infrastructure that we have. So, generally, when Ralph says something – whether it’s about Stuxnet, or cyberwar or the security of nuclear power plants – folks listen. And these days, Ralph is wondering, out loud, whether our reliance on digital systems to manage critical infrastructure has gone too far. The answer, he suggests, may be to go “back to the future,” as it were: reintroducing analog systems into the control process chain as a backstop for cyber attacks. Case in point: the Department of Homeland Security’s ICS-CERT warned on Friday that firmware for Siemens SIMATIC S7-1500 CPUs (Central Processing Units) contains nine vulnerabilities that could enable attacks such as cross site request forgery, cross site scripting and URL redirection. (Siemens has issued a firmware update that patches the holes.) Langner is among the world’s foremost experts on […]

Mobile Metadata, Google Dorking Expose Your Secret Life

A study of more than 500 mobile phone owners by researchers at Stanford University suggests that call records and other “metadata” stored on our phones can easily be used to infer a wealth of sensitive information about phone owners – laying bare details of private lives that many would prefer to keep hidden. The findings of the study were outlined in a blog post by researcher Patrick Mutchler on Wednesday. Researchers concluded that the data collected from the phones was very accurate in painting a picture of the phone’s owner, including their work, social interests and medical conditions. That was true even across a small sample population monitored for just a few weeks. In the study, researchers placed an application, MetaPhone, on Android smartphones belonging to 546 participants and collected a wide range of information including device logs, social network information and call records for analysis. In all, researchers collected calls […]

Is Refrigerator Spam Really In Our Future?

I came across an interesting post over on Wearable World News today titled “The Danger of Smart Spam In the Internet of Things.” The article, by Jessica Groopman, ran yesterday and provides a kind of conceptual overview of the security and IoT space. I think Groopman gets it mostly right: she talks about the proliferation of device types and platforms that will (or already does) characterize the Internet of Things. With hundreds of billions (compared with hundreds of millions) of Internet connected endpoints, cyber criminals, hacktivists and other bad actors have an even greater ability to create armies of compromised endpoints and harness their collective power in attacks. Groopman also gets it right when she notes that many “smart” devices run commodity operating systems like Linux and don’t require lots of special effort to reverse engineer. Finally, IoT devices frequently are low power and embedded systems that lack the processing […]

Save The Date: The Security of Things Forum May 7

A little more than 18 months ago, I launched The Security Ledger, a news and analysis blog devoted to exploring cyber security and its intersection with the growing world of intelligent, Internet-connected “stuff.” My goal all along has been to shine a light on some of the security and privacy issues that arise as ‘computers’ (for lack of a better term) morph from devices on our desk to things that we wear, drive, carry in our body or watch us from the sky. More than that, though, I wanted to build a community of subject matter experts, thought leaders and decision makers who could help shape the conversation about how to navigate the transition from the Internet of computers to the Internet of Things. But, let’s face it, there’s only so much interaction that can happen through a web site or e-mail newsletter. That’s […]

Google Readies SDK For Wearable Tech

Google will soon release a software development kit (SDK) for adapting its Android mobile operating system to wearable technology such as smart watches, according to statements by Sundar Pichai, Google’s Senior Vice President of Android, Chrome and Apps. Pichai was speaking over the weekend at the South by Southwest (SXSW) festival in Austin, Texas. He said that the SDK for wearables will be available sometime in the next two weeks and is intended to help flesh out the company’s vision for how wearable technology should work. The news was first reported here by The Guardian. Wearables are just another “platform” on which small, powerful sensors will be deployed, he said. “Sensors can be small and powerful, and gather a lot of information that can be useful for users. We want to build the right APIs for this world of sensors,” he is quoted as saying. [Read more Security Ledger coverage […]