Recent Posts

Obama Administration: Speak Up On Trusted ID Plans!

The Obama Administration is throwing its weight behind two federal efforts to increase the use of so-called “trusted identities” online as a way to combat consumer fraud and threats to critical infrastructure. Writing on the White House blog on Monday, Michael Daniel, the Obama Administration’s cyber security coordinator said that the current system for managing online identities (user IDs and passwords) is “hopelessly broken,” and that the stakes are getting ever higher for breaches. “While today it might be a social media website, tomorrow it could be your bank, health services providers, or even public utilities,” he wrote. Daniel said two federal initiatives aim to tip the scales in the direction of stronger and more secure online identities, but that more public engagement is needed to ensure that what is produced by those projects gets adopted. Specifically: Daniel highlighted two NIST-led efforts: the National Strategy for Trusted Identities in Cyberspace (NSTIC), […]

Continue Reading

10 Essential Internet of Things Infographs

The term “Internet of Things” (or IoT) is so often used these days that it can be difficult to know exactly what it refers to. But the “Internet of Things” isn’t any less relevant or important just because it happens to be nudging its way up the steep side of Gartner’s Hype Curve. So understanding what people mean by “Internet of Things” is critical, even if not all those people would agree on a common definition themselves. Fortunately, many firms with a hand in the IoT have gone through the trouble of boiling their view of the Internet of Things down into handy, informative infographics. We’ve pulled a few of them together here for The Security Ledger – focusing on those that speak to the critical issues of safety, security and data privacy whenever possible. Check out this slideshow. Mouse over the image to learn more, or click on the […]

Continue Reading

FTC Settles With Flashlight App Maker Over Geotracking

The Federal Trade Commission (FTC) announced on Thursday that it settled with the maker of a popular Android mobile flashlight application over charges that the company used deceptive advertising to collect location and device information from Android owners. The FTC announced the settlement with Goldenshores Technologies, LLC of Moscow, Indiana, makers of the “Brightest Flashlight Free” Android application, saying that the company failed to disclose wanton harvesting and sharing of  customers’ location and mobile device identity with third parties. Brightest Flashlight Free is a top download from Google Play, the main Android marketplace. Statistics from the site indicate that it has been downloaded more than one million times with an overall rating of 4.8 out of 5 stars. The application, which is available for free, displays mobile advertisements on the devices that it is installed on. However, the device also harvested a wide range of data from Android phones which […]

Continue Reading

Senator Asks Automakers About Cyber Security, Privacy Plans

Cyber attacks on so-called “connected vehicles” are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey’s letter, dated December 2, cites recent reports of “commands…sent through a car’s computer system that could cause it to suddenly accelerate, turn or kill the breaks,” and references research conducted by Charlie Miller and Chris Valasek on Toyota Prius and Ford Escape. That research was presented in an August demonstration at the DEFCON hacking conference in Las Vegas. [For more on the security threats facing connected vehicles, check out this link.] “Today’s cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network […]

Continue Reading

Two Million Passwords Stolen From Facebook, Twitter, ADP

The passwords to access more than two million online accounts have been recovered from a server that is part of the command and control network for the Pony botnet, a large and active network of infected computers, according to a blog post from the security firm Trustwave. The company said that it found a cache of approximately two million compromised accounts, most from popular online services such as Facebook, Yahoo, Google and Twitter. More concerning: the cache also contained tens of thousands of credentials for FTP (File Transfer Protocol) servers, remote desktop and secure shell (SSH) accounts, and a site belonging to ADP, the payments processing firm. Facebook accounts made up the lion’s share of the haul, with 318,121 user credentials discovered – 57% of the total. Yahoo was the next biggest victim, with 59,549, almost 11% of the total. Leading Russian social networking sites vk.com and odnoklassniki.ru were also in […]

Continue Reading
1 346 347 348 349 350 396