In-brief: A new company, PFP Cybersecurity, says it can detect malware infections almost instantly by analyzing changes in the way infected devices consume power. The company is targeting industrial control system and critical infrastructure with new products.
Last week, home broadband router maker ASUS was the latest vendor to issue an emergency patch for a critical vulnerability in its products. This, after proof-of-concept exploit code was released for the so-called “Inforsvr” vulnerability that affects several ASUS home routers. That vulnerability -if left unpatched – would allow anyone with access to a home- or small business network that used an ASUS broadband router to, essentially, commandeer the device. The “infosvr” feature is typically used for device discovery by the ASUS Wireless Router Device Discovery Utility, but the service also allowed unauthenticated users to execute commands through it using the “root” permissions, according to researcher Friedrich Postelstorfer, who created a proof of concept exploit for the security hole and released it on January 4. The exploit code finally prompted a patch from ASUS on January 13. The company had spent months analyzing the issue and working on a fix. Patch aside, it has been a worrying month for the […]
In brief: The Open Interconnect Consortium (OIC) introduced a new, open source framework to connect billions of smart devices from a wide variety of vendors. But has the IoT standards horse already left the barn?
Mitch Thomas over at the security firm Tripwire has a good post on “architecting the security of things” that’s worth checking out. As an incumbent security vendor, Tripwire faces the same challenges and problems as other vendors who came of age securing traditional endpoints and enterprise IT environments. Among them: adapting to a nearly limitless population of new endpoints – many of them small, resource constrained embedded systems. As we’ve noted before: many of these systems aren’t capable of the kinds of interrogations (vulnerability- and malware scans just two examples) that many security tools take for granted.
Intel unveiled a new Internet of Things platform this week dubbed (surprisingly enough) the “Intel IoT Platform.” The goal is to provide a unified platform for connecting diverse and distributed connected things. Given Intel’s big investment in security with the purchase of McAfee, its no surprise that security is a big part of the “value add” for the IoT platform. Intel says that its IoT platform promotes interoperability of network, operational technology and information technologies. The IoT Platform envisions Intel Quark™ to Intel Xeon, and Intel-based devices, gateways, and datacenter solutions with hardware-based root of trust. With hardware enabled identity and secure boot features, Intel believes that you can eliminate a wide range of malicious attacks and compromises. Intel’s IoT Gateway devices are based on its 2009 acquisition of WindRiver. They also wrap security intelligence from Intel’s acquisition of McAfee. Specifically, Intel has embedded anomaly and intrusion detection and prevention capabilities in […]
