A vulnerability in more than 1 million small office and home office (or SOHO) routers makes them potentially vulnerable to remote attacks that could expose private internal network traffic to prying eyes, according to a warning posted by the firm Rapid7.
GigaOm has an interesting, high-level piece that looks at the issue of law, liability and the Internet of Things. The article takes off from a discussion at the Download event in New York City earlier this month, wondering whether adoption of Internet of Things technologies like wearables is starting to run far ahead of society’s ability to manage them. Specifically: is the pace of technology innovation outstripping the ability of our legal system to reign in excess and protect public safety and civil liberties? On the list of ‘what-if’s’ are some familiar questions: How to assign liability. (“If one of Google’s automated cars crashes, is it the fault of the driver or Google?”) Read more Security Ledger coverage of Internet of Things here. What responsibility to users have to take advantage of safety features in connected products? (Does a parent’s failure to password-protect a baby monitor change the manufacturer’s liability when and […]
Add data security to the long list of issues on which U.S. President Barack Obama has resorted to unilateral action in order to push the government forward on a crucial matter. On Friday, President Obama signed an Executive Order directing the government to require the use of so-called “chip and PIN” technology for any newly issued or existing government debit and credit cards. The Order was intended to make the federal government “lead by example in securing transactions and sensitive data,” the White House said in a statement. The new BuySecure Initiative will provide consumers with more tools to secure their financial future by assisting victims of identity theft, improving the Government’s payment security as a customer and a provider, and accelerating the transition to stronger security technologies and the development of next-generation payment security tools. The Order launches a new initiative dubbed “BuySecure” intended to “drive the market towards more secure payment systems” […]
I spend a lot of time at information security industry events. It’s part of my job at Cisco -visiting customers and attending and speaking at conferences. And these days, many of my conversations are focused on issues surrounding securing the Internet of Things. By and large, I enjoy this immensely. But my experience also gives me a vantage point from which to observe the cyber security and IoT security community broadly. What I’ve concluded is this: ours is a community that is made up of highly gifted and intelligent professionals with diverse, but also specialized skills. Unfortunately, ours has been – and continues to be- an insular community. I’ve come to realize that this pronounced and endemic navel gazing does us and the general public a great disservice. In fact, it may make the job of not repeating the security mistakes of the last two decades more difficult. Can we […]
Smart lightbulbs aren’t anything new. In fact, products like the Philips Hue bulb have been in the market for years. The devices, which typically couple a standard incandescent or CF bulb with a wireless transmitter, allow lights to be managed via mobile device and also respond to environmental changes monitored by other sensors. But – as with much of the Internet of Things – each family of smart bulbs is something of an island: interacting- and communicating mostly with other smart home products from the same manufacturer. That’s good for the lightbulb maker, but bad for smart home advocates, see out-of-the box connectivity across product silos as a precursor to broad adoption of smart home technologies. It’s also been the case that the products that have been released have often fallen short in areas like security. In August, 2013, security researcher Nitesh Dhanjani disclosed a proof of concept hack […]
