Search Results for "Target"

This Week In Security: Android’s Security Woes

We’re at the end of another busy week in the security world – a week that saw everything from World Cup themed phishing attacks to, of course, more data breaches: at PF Changs, Domino’s Pizza and AT&T. Among the top stories this week were a number of warnings about attacks on Google’s Android mobile device platform. FireEye and Google said they dismantled part of a mobile malware operation that stole online banking credentials from Android users via a malicious and stealthy app posing as Google Play. And a German researcher sounded alarms about Android mobile devices shipping from China that come with pre-loaded malicious software. To help make sense of all the Android badness, we invited Zach Lanier. Zach’s been a frequent guest on the Security Ledger Podcast. He’s a security researcher at DUO Security and – fittingly – one of the authors of The Android Hacker’s Handbook, published by Wiley. Zach and I talked about the […]

Update: Another IPMI Mishap? Researcher Claims Supermicro Devices Vulnerable

There’s more bad news for companies that rely on the Intelligent Platform Management Interface (IPMI) to manage servers and other hardware in their IT environments. Specifically: researcher Zachary Wikholm over at Cari.net has published evidence of what he says is a head-slapping vulnerability affecting devices that use IPMI Baseboard Management Controllers (BMCs) made by the firm Supermicro. According to Wikholm, servers equipped with Supermicro BMCs store a password file, PSBlock, in plain text and – making matters worse – leave it open to the world on port 49152. “You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface,” he wrote. Baseboard Management Controllers (BMCs) are small, embedded systems attached to a system’s motherboard that manage IPMI communications. Wikholm says that Supermicro has fixed the problem in the latest version of its IPMI firmware. However, companies are often reluctant to flash […]

U.S. looks to create an ‘Internet of Postal Things’ – Computerworld

There’s an interesting article by Patrick Thibodeau over at Computerworld about how the U.S. Postal Service is soliciting ideas for leveraging Internet of Things technologies throughout its (massive) system. The Postal Service published a solicitation for a “supplier who has the expertise and critical knowledge of the Internet of Things,” as well as (big) data analytics. The goal is to harness data from throughout the Postal Service’s massive infrastructure in order to increase efficiency and lower costs. The U.S. Postal Service is one of the world’s most extensive and efficient. But it has also been bleeding red ink in recent years. The Service reported a $15.9 billion net loss in fiscal year 2012 – much of it tied to mandated payments to meet future retiree health benefits. Those losses have narrowed in recent years. In May, the USPS reported a net loss of $1.9 billion in the second quarter and increased […]

Infographic: A Heartbleed Disclosure Timeline (Secunia)

The dangerous security hole in OpenSSL known as “Heartbleed” has (mostly) faded from the headlines, but that doesn’t mean it isn’t still dangerous. As this blog has noted, the Heartbleed vulnerability was patched quickly on major platforms like Apache and nginx and by high profile service providers like Google and Facebook. But it still has a long tail: web applications that aren’t considered high risk (i.e. aren’t directly reachable from the Internet) and embedded devices that use OpenSSL or its components. As the folks over at Acunetix note in a blog post today, hundreds of other services, application software packages and operating systems make use of OpenSSL for purposes that might be entirely unrelated to delivering pages over HTTPS. This includes email servers (using the SMTP, POP and IMAP protocols), FTP servers, chat servers (XMPP protocol), virtual private networks (SSL VPNs), and network appliances that use OpenSSL or its components. The number of systems vulnerable to […]

Internet of Things to Increase Shortage of Security Professionals

The tech publication eWeek has an interesting interview with Sujata Ramamoorthy, the director of global information security for Cisco’s Threat Response, Intelligence, and Development (TRIAD) group, about the impact of Internet of Things technology on the (already painful) shortage of IT security workers. According to Ramamoorthy, adoption of Internet of Things technologies and platforms will exacerbate the IT security worker shortage. “These trends are what are fueling the need for additional security skills in the industry, and because the networks themselves are getting more complex, the applications communicating over them are getting more complex,” she told eWeek reporter Rob Lemos. The increasing complexity of information infrastructure in IoT deployments, an explosion in the number of connected endpoints and a corresponding lack of visibility into cloud services all make the shortage of corporate security experts more critical, Ramamoorthy said. There is already an estimated global shortage of 1 million information-security staff and managers, according […]