Tag: data privacy

The Art of Stealing Terabytes | Digital Guardian

There are many superlatives to describe the hack of Sony Pictures Entertainment. It has been called the “worst” and “most destructive” hack of all time. It has been likened to a nuclear bomb. It has been called an act of cyber warfare. But, behind all the hyperbole, the Sony hack is just another hack – albeit a bad one. And like any other cyber crime, there are questions about the ‘whys’ and ‘how’s’ of the Sony hack that have yet to be answered to anyone’s satisfaction. Chief among them: how the attackers were able to sneak terabytes of data off of Sony’s corporate network without being noticed. [Read more Security Ledger coverage of the Sony Pictures Hack here.] The sad truth may be that making off with terabytes worth of data may be easier than you think. Like you, I found this notion preposterous. But an informal poll of  respected security experts that […]

Continue Reading

At Electronics Bash, FTC Chairwoman Calls for Privacy, Security on IoT

  The Wall Street Journal reports on an address that FTC Chairwoman Edith Ramirez gave to the folks out at CES, the Consumer Electronics Show, in Las Vegas. From the report: “Ramirez outlined several concerns including ubiquitous data collection, or the ability of sensors to collect sensitive personal information about consumers all the time and in real time; unexpected uses of consumer data, such using individual energy use patterns to set their homeowners’ insurance rates; and cybersecurity threats. “She also noted opportunities. ‘Whether it’s a remote valet parking assistant, which allows drivers to get out of their cars and remotely guide their empty car to a parking spot; a new fashionable bracelet that allows consumers to check their texts and see reviews of nearby restaurants; or smart glucose meters, which make glucose readings accessible both to those afflicted with diabetes and their doctors, the IoT has the potential to transform […]

Continue Reading

No IoT Adoption? Security and Privacy Fears may be the Reason

As the Consumer Electronics Show (CES) rages in Las Vegas this week, its tempting to look at the reports about connected devices and wonder when it is, exactly, that the tsunami of smart devices, wearable tech and intelligent appliances will finally wash over us. But it might be even more useful to wonder why – given all the hype- we haven’t been washed out to sea already by the IoT wave. A recent article in Adweek calls attention to one leading theory about why the IoT isn’t gaining traction with everyday consumers: consumer worries about privacy and the security of data. The Adweek article (and groovy infograph) make hay out of a case study by Affinnova, a marketing technology firm that was acquired by Nielsen. The study asked consumers to evaluate “more than 4 million product concept variations and identify the most desired products and functions.” The goal: insight into consumer preferences as well […]

Continue Reading

Wireless Infusion Pump is Test Case for Securing Medical Devices

A National Institute of Standards and Technology (NIST) reference document is providing some of the clearest guidance from the U.S. government for securing connected medical devices, but may be setting too low a bar for securing wireless communications, according to a security expert. NIST, working with the University of Minnesota’s Technological Leadership Institute, released a draft Use Case document  (PDF) on December 18 to help health care providers “secure their medical devices on an enterprise networks.” However, in the area of communications security, the document suggests the use of WEP (Wired Equivalent Privacy), a legacy wireless security technology that can easily be cracked. NIST released the draft security use case document and is seeking feedback from the public. The drug infusion pump case study is described as the “first of a series” of similar use cases that will focus on medical device security, NIST wrote. The draft document presents a technical description of the security challenges […]

Continue Reading

Please Apply Our 10 Year-Old Patch: The Dismal State of Embedded Device Security

On Friday, the firm Allegro Software of Boxborough, Massachusetts, released an odd-sounding statement encouraging all its customers to “maintain firmware for highest level of embedded device security.” Specifically, Allegro wanted to warn customers about the need to apply a software update to address two recently discovered vulnerabilities affecting its Rom Pager embedded web server: CVE-2014-9222 and CVE-2014-9223, collectively known as the “Misfortune Cookie” vulnerabilities. That patch in question was released almost ten years ago – in 2005. As reported widely last week, the vulnerabilities affecting the Rom Pager software can be found in some 12 million broadband routers by manufacturers including Linksys, D-Link, Huawei, TP-Link, ZTE and Edimax. In short: some of the most common sellers of broadband routers in the world. The security firm CheckPoint discovered the vulnerabilities and issued a report about them. (The report web site is here and a PDF format report is here.) According to CheckPoint, the Misfortune Cookie vulnerability has to […]

Continue Reading
1 84 85 86 87 88 131