Data privacy firm TRUSTe announced that it is forming a group to identify technical standards to ensure consumer privacy in the Internet of Things. Speaking at the Internet of Things Privacy Summit in San Francisco last week, Chris Babel, the CEO of TRUSTe said that the multi-party group will draw up “technical standards to help companies develop the privacy solutions that are needed to protect consumer privacy in the Internet of Things.” [Read Security Ledger’s coverage of privacy issues related to the Internet of Things here.] The group, dubbed the IoT Privacy Tech Working Group will include representatives from TRUSTe as well as online privacy groups The Center for Democracy & Technology, The Future of Privacy Forum and the Online Trust Alliance, according to a statement from TRUSTe. IoT privacy tech working group announced. “This working group will work to address the mounting security and privacy concerns, while promoting transparency and user […]
Search Results for "Cisco"
Internet of Things to Increase Shortage of Security Professionals
The tech publication eWeek has an interesting interview with Sujata Ramamoorthy, the director for global information security for Cisco’s Threat Response, Intelligence, and Development (TRIAD) group about the impact of Internet of Things technology on the (already painful) shortage of IT security workers. According to Ramamoorthy, adoption of Internet of Things technologies and platforms will exacerbate the IT security worker shortage. “These trends are what are fueling the need for additional security skills in the industry, and because the networks themselves are getting more complex, the applications communicating over them are getting more complex,” she told eWeek reporter Rob Lemos. The increasing complexity of information infrastructure in IoT deployments, an explosion in the number of connected endpoints and a corresponding lack of visibility into cloud services all make the shortage of corporate security experts more critical, Ramamoorthy said. Already there is an estimated 1 million information-security staff and manager shortage globally, according […]
Heart Attack? Fixes For More Critical Holes In OpenSSL
Just a month after a critical security hole in OpenSSL dubbed “Heartbleed” captured headlines around the globe, The OpenSSL Foundation has issued an other critical software update fixing six more security holes, two of them critical. The Foundation issued its update on Thursday, saying that current versions of OpenSSL contain vulnerabilities that could be used to carry out “man in the middle” (or MITM) attacks against OpenSSL clients and servers. SSL VPN (virtual private network) products are believed to be especially vulnerable. Users of OpenSSL versions 0.9.8, 1.0.0 and 1.0.1 are all advised to update immediately. According to information released by the OpenSSL Foundation, an attacker using a carefully crafted handshake can force the use of “weak keying material in OpenSSL SSL/TLS clients and servers.” That could lay the groundwork for man-in-the-middle attacks in which an attacker positions herself between a vulnerable client and server, decrypting and modifying traffic as it passes through the attacker’s […]
Car Makers, Suppliers Going Their Own Way On Security
I was surprised to see a big feature story over at CNN.com this morning – given that the security of connected vehicles has no obvious link to LA Clippers owner Don Sterling, the on-going shakeup at the Veterans Administration or a tornado or other natural disaster. Still – there it is: “Your car is a giant computer – and it can be hacked.” The feature, by Jose Pagliery is solid enough – though it doesn’t break much new ground. He mentions the research by Chris Valasek and Charlie Miller at The Black Hat Briefings last year. He also talks to the folks over at Security Innovation. [Want more on security and connected vehicles? Check out our video: Insecure At Any Speed: Are Automakers Failing The Software Crash Test? ] The big take-away: automobiles are rife with old and outdated software and hardware, much of it lacking even basic security features like secure communications […]
Video: The Internet of Things and Enterprise Risk
The Security Ledger recently hosted our inaugural event: The Security of Things Forum (SECOT). This was a high-energy, day long conference in Cambridge, Massachusetts, that brought together subject experts, executives and thought leaders from disparate areas like high tech, finance and industrial systems to talk about the tsunami of change that is the Internet of Things. One of the big questions hovering over the event: how will IoT technologies and services change the security paradigm that we’ve all be operating under- but especially in enterprises. In fact, IoT and enterprise was the topic of our very first discussion of the day: a panel chaired by Chris Rezendes of INEX Advisors, a leading consultancy focusing on IoT. SECoT Forum 2014 – Democratized Data, IOT and Enterprise Risk from Exhibitor Media Group on Vimeo It’s a really big and messy problem. As panelist Ken Pfeil of Pioneer Investments pointed out: the hack of […]
