You searched for "third party" and code | Page 13 of 15 | The Security Ledger with Paul F. Roberts

Search Results for ""third party" and code"

Clues Point to Long-Duration Hack at Sony

December 5, 2014 Paul Roberts

With each passing day, evidence mounts that the attack on Sony Pictures Entertainment was a long-duration hacking event that gave malicious actors extensive access to the company’s network and data. The hack started out looking like a particularly nasty example of hacktivism – with thousands of SPE systems wiped of all data. Going on two weeks after revelations of the hack, however, the incident appears to be something much more dire: a massive breach of corporate security that gave malicious attackers access to gigabytes – and possibly terabytes- of sensitive data. With only a fraction of the allegedly stolen data trove released, the ripple effects of the incident are already washing up against other Sony divisions and firms with direct or indirect ties to the company. The latest developments in the saga include publication of some 40 gigabytes of internal files. As described by buzzfeed.com, the files include: “email exchanges with employees regarding specific […]

Opinion: Toppling the IoT’s Tower of Babel

November 26, 2014 Chip Block

The five most feared words in the IT support person’s vocabulary are “This. Page. Can’t. Be. Displayed.” And yet, the growth of Service Oriented Architecture (SOA) based enterprises in the past eight years means that these dreaded words show up more and more, as services from different developers and vendors are consumed by larger, up stream platforms and and integrated to provide new capabilities. In this kind of environment, “This Page Can’t Be Displayed” is a cry for help: the first indication of a problem. For enterprise support personnel, that message is often the first step in a long journey complete with Sherlock Holmes-style sleuthing to try to find which service along an orchestrated chain is the bad actor. And, unfortunately, when an application is being attacked or gets hacked, support personnel may not even have an error message to go on. In both cases, the major roadblock for support and incident response staff is that application developers or development […]

Senate Report Warns of Attacks on Military Transport Contractors

September 18, 2014 Paul Roberts

A Senate Armed Services Committee investigation has found evidence that hackers associated with the Chinese government compromised the computer systems of U.S. Transportation Command contractors at least 20 times in a single year. The attacks pose a serious risk to the system that moves military troops and equipment. The Committee released the report on Wednesday. (PDF copy here.) It presented the results of a year-long investigation of U.S. Transportation Command, or “TRANSCOM,” found a serious gap in awareness and reporting requirements. TRANSCOM was only aware of two of the 20 intrusions, while U.S. Transportation Command remained mostly unaware of the computer compromises of contractors during and after the attacks. “These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin, D-Mich., the committee’s chairman in a published statement. “Our findings are a warning that we must do much more to protect strategically significant […]

Vulnerable Mobile Software Management Tool Reaches Into IoT

August 5, 2014 Paul Roberts

You could be forgiven for never having heard of Red Bend Software. The company is small – just 250 employees- and privately held. Red Bend’s headquarters is a suite of offices in a nondescript office park in Waltham, Massachusetts, just off Route 128 – America’s “Silicon Highway.” But the company’s small profile belies a big footprint in the world of mobile devices. Since 2005, more than 2 billion devices running the company’s mobile management software have been sold worldwide. Today, the Red Bend is believed to control between 70 and 90 percent of the market for mobile software management (MSM) technology, which carriers use to service mobile devices. The software enables mobile carriers to do critical tasks, including firmware-over-the-air (FOTA) software updates, mobile device configuration and other on-device changes. Red Bend counts many of the world’s leading companies in the mobile, enterprise and manufacturing sectors as clients, including Intel, Qualcomm, Samsung, Sharp, LG, Sony, Huawei, China Mobile and Lenovo. For the most part, Red […]

Analysis Finds Blurry Lines Between Rovio, Advertisers

March 28, 2014 Paul Roberts

Rovio, the maker of the massively popular Angry Birds, makes no secret about collecting personal data from those who download and play its games. But an analysis from the advanced threat detection firm FireEye is helping to expose the extend of data harvesting, and also to sketch out the blurry line that separates Rovio and third-party advertising networks it contracts with. In a blog post on Thursday, FireEye analysts Jimmy Suo and Tao Wei described the findings of an investigation into the interaction between Rovio’s mobile applications, including the latest version of Angry Birds, and third party ad networks such as Jumptap and Millenial Media. Using FireEye’s Mobile Threat Prevention (MTP), the two gathered and analyzed network packet capture (PCap) information and analyzed the workings of Angry Birds and its communications with third-party ad networks. The two were able to reveal a multi-stage information sharing operation, tracking code paths from the reverse-engineered […]