You searched for critical infrastructure | Page 62 of 64 | The Security Ledger with Paul F. Roberts

Search Results for "critical infrastructure"

Old Apache Code at Root of Android FakeID Mess

July 29, 2014 Paul Roberts

A four year-old vulnerability in an open source component that is a critical part of Google’s Android mobile operating system could leave mobile devices that use it susceptible to attack, according to researchers at the firm Bluebox Security. The vulnerability was disclosed on Tuesday. It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was introduced to Android by way of the open source Apache Harmony module. It affects Android’s verification of digital signatures that are used to vouch for the identity of mobile applications, according to Jeff Forristal, Bluebox’s CTO. He will be presenting details about the FakeID vulnerability at the Black Hat Briefings security conference in Las Vegas next week.

U.S. looks to create an ‘Internet of Postal Things’ – Computerworld

June 19, 2014 Paul Roberts

There’s an interesting article by Patrick Thibodeau over at Computerworld about how the U.S. Postal Service is soliciting ideas about leveraging Internet of Things technologies throughout its (massive) system. The Postal Service published a solicitation for a “supplier who has the expertise and critical knowledge of the Internet of Things,” as well as (big) data analytics. The goal is to harness data from throughout the Postal Service’s massive infrastructure in order to increase efficiency and lower costs. The U.S. Postal Service is one of world’s most extensive and efficient. But it has also been bleeding red ink in recent years. The Services reported a $15.9 billion net loss in fiscal year 2012 – much of it tied to mandated payments to meet future retiree health benefits. Those losses have narrowed in recent years. In May, the USPO reported a net loss of $1.9 billion in the second quarter and increased […]

Internet of Things to Increase Shortage of Security Professionals

June 17, 2014 Paul Roberts

The tech publication eWeek has an interesting interview with Sujata Ramamoorthy, the director for global information security for Cisco’s Threat Response, Intelligence, and Development (TRIAD) group about the impact of Internet of Things technology on the (already painful) shortage of IT security workers. According to Ramamoorthy, adoption of Internet of Things technologies and platforms will exacerbate the IT security worker shortage. “These trends are what are fueling the need for additional security skills in the industry, and because the networks themselves are getting more complex, the applications communicating over them are getting more complex,” she told eWeek reporter Rob Lemos. The increasing complexity of information infrastructure in IoT deployments, an explosion in the number of connected endpoints and a corresponding lack of visibility into cloud services all make the shortage of corporate security experts more critical, Ramamoorthy said. Already there is an estimated 1 million information-security staff and manager shortage globally, according […]

Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix?

May 30, 2014 Paul Roberts

Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted, we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]

China Hacking Indictments Day 2: Now For The Blowback

May 20, 2014 Paul Roberts

The big news yesterday was about the U.S. Justice Department announcing the first-ever criminal charges against a foreign country for cyberspying. The news today may well be about China (and other countries) taking retaliatory actions, including similar legal steps against individuals in this country, working on behalf of the NSA, CIA or other government agencies. The Justice Department on Monday announced that a grand jury in the Western District of Pennsylvania indicted five Chinese citizens (PDF) for charges that include computer hacking and economic espionage directed at six American companies in the nuclear power, metals and solar products industries. The indictment alleges that the five defendants conspired to hack into American companies on behalf of competitors in China, including state-owned enterprises. The stolen information included intellectual property that would allow the Chinese firms to better compete with their American competitors. The hackers also stole confidential information regarding business negotiations and other deals that would aid the Chinese […]