Tag: conferences

IoT And Big Data To Create Insurance Industry Winners, Losers

This blog writes a lot about risk and the Internet of Things. Specifically: we talk about how smart, sensor-rich, connected devices create all kinds of new risks for enterprises and consumers. It goes without saying that feature development (and adoption) are running well ahead of pesky issues like secure design and deployment or data privacy. Smart companies are trying to put some brakes on that trend. (Witness Google prohibiting sensitive health data from its Android Wear platform.) But, by and large, companies are plowing ahead into IoT technologies without a lot of consideration of the risks. But there’s one industry where risk _is_ the business: the insurance industry. And there, the thinking about the potential of Internet of Things is decidedly bullish. In fact, a recent report from the financial services research firm Celent (paywall) suggests that broad adoption of IoT technologies will revolutionize the way insurance companies market and sell to […]

Heartbleed: Technology Monoculture’s Second Act

Say ‘technology monoculture’ and most people (who don’t look at you cross-eyed or say ‘God bless you!’) will say “Microsoft” or “Windows” or “Microsoft Windows.” That makes sense. Windows still runs on more than 90% of all desktop systems, long after Redmond’s star is rumored to have dimmed next to that of Apple. Microsoft is the poster child for the dangers and benefits of a monoculture. Hardware makers and application developers have a single platform to write to – consumers have confidence that the software and hardware they buy will “just work” so long as they’re running some version of Windows. The downside, of course, is that the Windows monoculture has also been a boon to bad guys, who can tailor exploits to one operating system or associated application (Office, Internet Explorer) and be confident that 9 of 10 systems their malicious software encounters will at least be running some version of the […]

Heartbleed For Poets And Other Must-Reads

It’s H-Day + 2 – two full days since we learned that one of the pillars of online security, OpenSSL, has contained a gaping security hole for the past two years that rendered its protections illusory. As I wrote over on Veracode’s blog today: this one hurts. It exposes private encryption keys, allowing encrypted SSL sessions to be revealed. Trend Micro data suggests around 5% of one million Internet top-level domains are vulnerable. IOActive notes that Heartbleed also appears to leave data such as user sessions subject to hijacking, exposes encrypted search queries and leaves passwords used to access online services subject to snooping, provided the service hasn’t updated their OpenSSL instance to the latest version. In fact, it’s safe to bet that the ramifications of Heartbleed will continue to be felt for months – even years to come. In the meantime, there is a lot of interesting coverage and […]

Vint Cerf: CS Changes Needed To Address IoT Security, Privacy

The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google’s Internet Evangelist. Cerf, speaking in a public Google Hangout on Wednesday, said that he’s tremendously excited about the possibilities of an Internet of billions of connected objects, but said that securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – and one that the nation’s universities need to start addressing. “I’m very excited,” Cerf said, in response to a question from host Leo Laporte. He cited the Philips HUE lightbulb as an example of a cool IoT application. “So you’re going to be able to manage quite a wide range of appliances at home, at work and in your car. Eventually, that will include things you’re […]

Web to Wheels: Tesla Password Insecurity Exposes Cars, Drivers

We’ve interviewed security researcher Nitesh Dhanjani before. In the last year, he’s done some eye-opening investigations into consumer products like the Philips HUE smart lightbulbs. We did a podcast with Nitesh in December where we talked more generally about security and the Internet of Things. Now Dhanjani is in the news again with research on one of the most high-profile connected devices in the world: Tesla’s super-smart electric cars. In a presentation at Black Hat Asia on Friday, he released findings of some research on the Tesla Model S that suggests the cars have a weakness common to many Web-based applications: a weak authentication scheme. (A PDF version of the report is here.) Specifically: Tesla’s sophisticated cars rely on a decidedly unsophisticated security scheme: a six-character PIN. Dhanjani’s research discovered a variety of potentially exploitable holes that would give even an unsophisticated attacker a good chance at breaking into […]