You searched for home | Page 120 of 127 | The Security Ledger with Paul F. Roberts

Search Results for "home"

Security Start-Up, University Team On Android Patch App

July 16, 2013 Paul Roberts

The saga of the application-signing flaw affecting Google’s Android mobile phones took another turn Tuesday when a Silicon Valley startup teamed with graduate students from Northeastern University in Boston to offer their own fix-it tool for hundreds of millions of Android phones that have been left without access to Google’s official patch. Duo Security announced the availability of an Android utility dubbed “ReKey” on Tuesday. The tool allows Droid users to patch the so-called “Master Key” vulnerability on Android devices, even in the absence of a security update from Android handset makers (OEMs) and carriers who distribute the phones, according to a post on the Duo Security blog. The tool can be downloaded from the site rekey.io. “ReKey is the latest of our research projects designed to make the Internet a safer place,” said Collin Mulliner, a postdoctoral researcher at NEU SecLab in a joint press release issued by NEU […]

NIST Cyber Security Draft Framework Puts Execs In Driver’s Seat

July 3, 2013 Paul Roberts

The U.S. government’s federal technology agency has published a draft version of a voluntary framework it hopes will guide the private sector in reducing the risk of cyber attacks on critical infrastructure. The National Institute of Standards and Technology (NIST) published a draft of its Preliminary Framework to Reduce Cyber Risks to Critical Infrastructure on Monday. The document provides a guide for critical infrastructure owners of different maturity levels to begin documenting and understanding their risk of cyber attack, and – eventually – to measure their performance in areas such as asset management, threat detection and incident response. The framework was called for by Executive Order 13636, signed by President Obama in February. In that order, NIST was charged with creating a framework for sharing cyber security threat information and information on successful approaches to reduce risks to critical infrastructure. The Framework is comprised of five major cybersecurity functions: Know […]

Facebook Mum On Future Of Ghost User Accounts

June 24, 2013 Paul Roberts

Facebook acknowledged on Friday that a flaw in a feature that lets users download their own profile information exposed personal information on approximately six million users, including phone numbers and e-mail addresses that were not shared with the site, but is staying mum on the future of wide ranging information harvesting practices revealed by the bug. In a blog post, the social networking giant said the security hole was disclosed by an independent security researcher and forced the company to disable the Download Your Information (DYI) feature until it could be fixed. Despite the large number of people affected, Facebook said individual pieces of private data like an e-mail address or telephone number were only exposed to one or two other Facebook users. However, Facebook has not said whether it will cease using non-public data from users’ contacts to fill out dossiers on other Facebook users, a practice that has […]

HBR: Internet Of Things Has ‘Profound’ Impact On Risk

June 21, 2013 Paul Roberts

The advent of a global network of Internet connected devices – sometimes referred to as the “Internet of Things” will bring about a “data democratization” that will upend traditional IT security models and pose considerable risks for organizations. That’s the conclusion of two leading authorities on the so-called “Internet of Things” (IoT), Christopher J. Rezendes and W. David Stephenson, who write that its impact on businesses will be “profound,” and that cyber security will be one of the biggest challenges that organizations must address. In a guest post on the Harvard Business Review blog on Friday, Rezendes, the president of INEX Advisors, and Stephenson, an author and consultant specializing in the Internet of Things argue that “the very principle that makes the IoT so powerful — the potential to share data instantly with everyone and everything (every authorized entity, that is) — creates a huge cybersecurity threat.” The authors predict […]

FDA: Medical Device Makers, Hospitals Need To Boost Cyber Security

June 14, 2013 Paul Roberts

The U.S. Food and Drug Administration (FDA) has issued guidance to medical device makers and hospitals that use their products to pay more attention to cyber security and the potential for cyber attacks on vulnerable medical instruments. The FDA released its “Safety Communication for Cybersecurity for Medical Devices and Hospital Networks” on Thursday – the same day that the Department of Homeland Security’s ICS (Industrial Control System) CERT issued a warning about the discovery of hard coded “back door” passwords in some 300 medical devices from 40 separate vendors, including drug infusion pumps, ventilators and patient monitoring systems. The FDA said it expects device makers to “review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device. Hospitals were instructed to harden […]