I’m seeing a lot of pre-conference promotion of content from the big Internet of Things Expo out in Santa Clara in early November. One interesting presentation that is worth checking out (the slides are already online) is James Kobielus’s talk on how IT professionals should address the security challenges of IoT. Kobielus is IBM’s program director for Big Data analytics product marketing. In his presentation, he tackles the question of whether the Internet of Things is (to use his words) “too big, diverse, pervasive, and dynamic to secure comprehensively?” [Read our coverage of Internet of Things security here. ] After all, history will show that we’ve done – at best – a so-so job of securing the Internet of machines. How will adding a few zeros to the number of connected endpoints make things better? IoT will undermine even the tenuous walls we’ve built around our existing IT infrastructure: moving us to a […]
Search Results for "third party software"
Security Experts call for Action on Connected Auto Safety
A non-profit group that represents prominent computer security researchers has issued an open letter to the automotive industry calling for more collaboration on cyber security issues. The group, I Am The Cavalry said the automotive industry needs to elevate cyber security to put it on par with other vehicle safety issues. The announcement, on Friday at DEF CON 22 in Las Vegas – an annual hacker conference – included a letter to CEOs in the automotive industry, calling for the adoption of “five key capabilities that create a baseline for safety relating to the computer systems in cars.” The letter asks for safety to be built into the design of computer systems in vehicles. “Increasing reliance on computer systems and internet connectivity in cars is opening up a whole new area of consumer risk, much of which is still being investigated and understood,” the group said. “Modern cars are computers […]
Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix?
Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted, we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]
Bad Actor: With Update, LG Says No Monitoring, No Smart TV!
Customers of consumer electronics giant LG are raising alarm about a recent software update that asks owners to agree to have their viewing behavior tracked and monitored, or see their ‘smart’ TVs made dumb: with access to features like YouTube and Netflix disabled. Owners of some models of LG brand SmartTVs who have applied a recent firmware have taken to blogs to complain about a firmware update for their TVs that prompt them to agree to lengthy new Terms of Service and Privacy Agreements. The revised documents grant LG permission to monitor and record their viewing habits and their interactions with the device, including voice commands. Users who do not agree to the new terms find many of their smart TV features disabled, according to customer testimony and an analysis by one independent IT researcher. The prompt to read and accept a new “Legal Notice,” “Terms of Use” and “Privacy Policy” appears when SmartTV users first […]
No Silver Bullet For Securing The Internet Of Things
On Wednesday we wrapped up the first-ever Security of Things Forum (SECoT) here in Boston, which was a great success. During a full day of talks and panel discussions, there was a lot of discussion – both on the stage and in the audience. Here are some (high level) take aways from the event: The Internet of Things will be different – really different The combination of technologies that we refer to as the Internet of Things is going to be transformative in ways that are profound. As I said in introductory comments: I see the net effect of this next phase of the Internet as being a leap forward, rather than incremental change – less “invention of the printing press” and more “invention of writing and counting systems.” Like Internet v.1, the exact direction that the Internet of Things will take is unclear. What is clear is that it […]
