Search Results for "critical infrastructure"

Heartbleed Prompts Fiscal Lifeline For Open Source

One of the most powerful (and substantive) realizations to come out of the news about the ‘Heartbleed’ OpenSSL vulnerability was that open source projects need help and attention from the tech community that relies on their fruits. I’ve written about this before – noting Apple’s reluctance to put some of its considerable cash hoard towards supporting open source projects it relies on (like the Apache Software Foundation), as have others. [Read Security Ledger’s coverage of the Heartbleed vulnerability here.] Now that idea appears to have taken root. On Thursday, the Linux Foundation announced the creation of the Core Infrastructure Initiative, a multi-million dollar project to fund open source projects that are in the critical path for core computing functions. The CII group has some substantial backing. Google, Cisco, Microsoft, Facebook, Amazon, IBM, Intel, Samsung, Fujitsu and VMware all signed on to the CII Steering Committee. (Surprising (or not): Apple was not one of the firms supporting […]

History Suggests Heartbleed Will Continue To Beat

The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason. Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMware, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]

Heartbleed For Poets And Other Must-Reads

It’s H-Day + 2 – two full days since we learned that one of the pillars of online security, OpenSSL, has contained a gaping security hole for the past two years that rendered its protections illusory. As I wrote over on Veracode’s blog today: this one hurts. It exposes private encryption keys, allowing encrypted SSL sessions to be revealed. Trend Micro data suggests around 5% of one million Internet top-level domains are vulnerable. IOActive notes that Heartbleed also appears to leave data such as user sessions subject to hijacking, exposes encrypted search queries and leaves passwords used to access online services subject to snooping, provided the service hasn’t updated their OpenSSL instance to the latest version. In fact, it’s safe to bet that the ramifications of Heartbleed will continue to be felt for months – even years to come. In the meantime, there is a lot of interesting coverage and […]

After Snowden, State Department Eyes Cloud-Nationalism

Amid the very public debate about the civil liberties implications of Edward Snowden’s revelations about NSA spying at home and abroad, the potential business fallout from the leak of classified information has been a footnote. But as the disclosures wear on, business leaders in the U.S. and elsewhere are beginning to discern the impact of the Snowden leaks. One place they’re voicing their concerns is The State Department, where technology vendors have been complaining of blowback from international customers, according to a senior State Department official who spoke with The Security Ledger. “We’re talking to cloud providers, including some very large cloud providers, about the challenges they face abroad,” the official said. The State Department has heard anecdotal reports of US firms losing business due to concerns about government surveillance, but companies have been reluctant to advertise lost accounts. At the same time, the State Department has heard of foreign competitors drumming […]

Wolfram Floats Common Language For Internet Of Things

Amid all the “connected device” hoopla coming out of the Consumer Electronics Show (CES) this week, one of the most interesting announcements came from an unexpected corner: Wolfram Research, a maker of high-end software that is used in scientific research. On Monday, the company’s CEO, Stephen Wolfram, announced The Wolfram Connected Devices Project – an initiative that will comprise both a common catalog of connected devices and a common language to connect them. “Connected devices are central to our long-term strategy of injecting sophisticated computation and knowledge into everything,” Wolfram said. “With the Wolfram Language we now have a way to describe and compute about things in the world. Connected devices are what we need to measure and interface with those things.” Wolfram’s short-term goal is to begin cataloging IoT devices and making those devices ‘searchable’ via its Wolfram Alpha web portal – what the company describes as a ‘computational […]