Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]
Home Invasion: Home Routers May Be The Next Big Hack
Most of us have broadband at home. It’s always there. It works and, for the most part, we don’t think about it until it goes down. Our amnesia extends to the humble home gateway or broadband router that is our connection to the global Internet. That piece of CPE (or customer-premises equipment) probably sits on our desk, or down in our basement gathering dust. Strong password? Meh. Firmware update? Hey, ‘if it ain’t broke…don’t fix it!” But all those small, insecure devices could add up to a major security crisis for users and their Internet Service Provider (ISP), according to researchers at the firm IOActive. Writing on the IOActive blog, researchers Ehab Hussein (@_obzy_) and Sofiane Taimat (@_sud0) say that millions of vulnerable home routers and gateways are vulnerable to trivial attacks. Those devices could be harnessed by cyber criminal groups, state-backed actors or hacktivists for malware distribution, spam or […]
DPRKurious: Is North Korea Really Behind Cyber Attacks On The South?
The news keeps coming out of South Korea, where a mysterious rash of hacks and virus infections early Thursday compromised tens of thousands of machines running at banks, broadcasters and other firms, erasing data and causing widespread disruption. Here’s the latest: South Korean Officials “Strongly Suspect” North Korea South Korean government officials made their most direct statements to date (albeit anonymously) on the possible source of the attack, saying that they had a “strong suspicion” that the government of the Democratic People’s Republic of Korea (DPRK) was responsible. Speaking to the YonHap News Agency, the official, identified as a “high ranking official in the office of President Cheong Wa Dae,” refused to elaborate. However, he may have been referring to the preliminary results of the Korea Communications Commission (KCC) which traced the malicious code responsible for crippling computers at broadcasters and banks to an IP address in China. South Korean […]
Update: Destructive Hacks Hit South Korean Media, Banks
Editor’s Note: Updated to include information from AlienVault on the attacks. – PFR 3/20/2013 Destructive cyber attacks against media outlets and banks in South Korea have ratcheted up tensions on the Korean Peninsula, with charges that the government of reclusive North Korea was behind the hacks. According to a report in South Korea’s Yonhap News Agency, the attacks began at 2:00PM local time in South Korea and affected the computer networks of three broadcasters and two banks. Broadcasters KBS, MBC and YTN all reported that their computer networks were “halted” at that time. Shinhan Bank and Nonghyup made similar reports to the National Police Agency (NPA), according to Yonhap. Unlike past distributed denial of service (DDoS) attacks that are believed to have been launched by the DPRK against the South, the latest incursions come at a time of extreme military tension on the peninsula, and caused damages to South Korean […]
Welcoming A New Sponsor: The Trusted Computing Group!
The Security Ledger is a new, online publication that’s serious about reporting on security and “The Internet of Things.” While we’ve had tremendous success in our first six months of operation, any new endeavor involves some risk. That’s why I’m thrilled to have had the backing of some forward-looking sponsors: Qualys and Veracode. And today, I’m happy to add a new name to that list: The Trusted Computing Group (TCG). For those of you who aren’t familiar with TCG, its best known as the group behind the Trusted Platform Module (TPM) secure, cryptographic chip that ships with almost every modern desktop and notebook PC. The TPM assures a hardware-based root of trust on compliant system, allowing TPM-equipped systems to securely generate cryptographic keys that can authenticate each endpont for use in secure, online transactions and communications. But TCG actually does a lot more. As a security beat reporter, for example, I […]