Search Results for "standards"

Is Analog The Answer To Cyber Terrorism?

Ralph Langner is one of the foremost experts on the security of critical infrastructure that we have. So, generally, when Ralph says something – whether its about Stuxnet, or cyberwar or the security of nuclear power plants – folks listen. And these days, Ralph is wondering, out loud, whether our reliance on digital systems to manage critical infrastructure has gone too far. The answer, he suggests, may be to go “back to the future,” as it were: reintroducing analog systems into the control process chain as a backstop for cyber attacks. Case in point: the Department of Homeland Security’s ICS-CERT warned on Friday that firmware for Siemens SIMATIC S7-1500 CPUs (Central Processing Units) contain nine vulnerabilities that could enable attacks such as cross site request forgery, cross site scripting and URL redirection. (Siemens has issued a firmware update that patches the holes.) Langner is among the world’s foremost experts on […]

Continue Reading

Is Refrigerator Spam Really In Our Future?

I came across an interesting post over on Wearable World News today titled “The Danger of Smart Spam In the Internet of Things.” The article, by Jessica Groopman, ran yesterday and provides a kind of conceptual overview of the security and IoT space. I think Goodman gets it mostly right: she talks about the proliferation of device types and platforms that will (or already does) characterize the Internet of Things. With hundreds of billions (compared with hundreds of millions) of Internet connected endpoints, cyber criminals, hacktivists and other bad actors have an even greater ability to create armies of compromised endpoints and harness their collective power in attacks. Goodman also gets it right when she notes that many “smart” devices run commodity operating systems like Linux and don’t require lots of special effort to reverse engineer. Finally, IoT devices frequently are low power and embedded systems that lack the processing […]

Continue Reading

Save The Date: The Security of Things Forum May 7

A little more than 18 months ago, I launched The Security Ledger, a news and analysis blog devoted to exploring cyber security and its intersection with the growing world of intelligent, Internet-connected “stuff.” My goal all along has been to shine a light on some of the security and privacy issues that arise as ‘computers’ (for lack of a better term) morph from devices on our desk to things that we wear, drive, carry in our body or watch us from the sky. More than that, though, I wanted to build a community of subject matter experts, thought leaders and decision makers who could help shape the conversation about how to navigate the transition from the Internet of computers to the Internet of Things. [Register Now for an Early Bird Discount!] But, let’s face it, there’s only so much interaction that can happen through a web site or e-mail newsletter. That’s […]

Continue Reading

RSA Perspective: Outrage With A Side Of Salsa

Let the record show that one of the most dramatic expressions of discontent over rampant government surveillance of U.S. citizens and private companies during last week’s RSA Conference in San Francisco went down at a taco joint. As the world’s cyber security elite gathered in San Francisco’s Moscone Center for the RSA Security Conference, a group of privacy and online rights activists that go by the name “Vegas 2.0” used donated funds to rent out Chevy’s, a popular Mexican food restaurant located next to the exhibit halls and frequented by conference goers. As reported by ZDNet’s Violet Blue, paying RSA attendees and speakers – identifiable by red badges – were refused entry to Chevy’s and handed flyers explaining the protestors’ grievances against the Conference’s parent company, RSA Security, which is alleged to have colluded with the NSA to weaken encryption standards in its products. Among those reported to have been […]

Continue Reading

Snowden RSA Controversy Just One Of Many Facing Security Industry

In a little more than a week, executives from world’s leading technology firms will gather in San Francisco for the RSA Conference, the cyber security industry’s biggest show in North America. No hacker con, RSA is something akin to corporate speed dating for companies in the security industry. But, like so much else in the technology world, this year’s conference has become mired in controversy stemming from Edward Snowden’s leak of classified documents related to government surveillance. In December, Reuters broke the story that, among the documents leaked by Snowden was evidence that RSA, the security division of EMC and parent company to the conference, accepted a $10m payment from the NSA to implement what turned out to be a vulnerable encryption algorithm as the default option for its BSafe endpoint protection product. RSA, the security division of EMC, has denied the allegations that it accepted the money while knowing that […]

Continue Reading
1 42 43 44 45 46 50