Post Tagged with: "Mobile Threats"

History Suggests Heartbleed Will Continue To Beat

April 16, 2014 11:120 comments
Heartbleed probably won't ever go away, and is likely to become an endemic problem on the Internet, experts agree.

The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason.   Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of  millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMWare, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]

Read more ›

IDS And The IoT: Snort Creator Marty Roesch On Securing The Internet of Things

April 13, 2014 15:580 comments
IDS And The IoT: Snort Creator Marty Roesch On Securing The Internet of Things

Martin Roesch is one of the giants of the security industry: a hacker in the truest sense of the term who, in the late 1990s created a wide range of security tools as a way to teach himself about information security. One of them, the open source SNORT intrusion detection system, turned into one of the mostly widely used and respected security tools in the world. SNORT became the foundation for Sourcefire, the company Marty helped found in 2001. And Sourcefire went on to fantastic success: first as a startup, then as a publicly traded company and, as of October of last year, as part of Cisco Systems, after the networking giant bought Roesch’s company for $2.7 billion. These days, Marty serves as a Vice President and Chief Architect of Cisco’s Security Business Group, where he’s helping shape that company’s strategy for securing the next generation of enterprise (and post-enterprise) networks. […]

Read more ›

Web to Wheels: Tesla Password Insecurity Exposes Cars, Drivers

March 31, 2014 15:430 comments
Web to Wheels: Tesla Password Insecurity Exposes Cars, Drivers

We’ve interviewed security researcher Nitesh Dhanjani before. In the last year, he’s done some eye-opening investigations into consumer products like the Philips HUE smart lightbulbs. We did a podcast with Nitesh in December where we talked more generally about security and the Internet of Things. Now Dhanjani is in the news again with research on one of the most high-profile connected devices in the world: Tesla’s super-smart electric cars. In a presentation at Black Hat Asia on Friday, he  released findings of some research on the Tesla Model S that suggests the cars have a weakness common to many Web based applications: a weak authentication scheme. (A PDF version of the report is here.) Specifically: Tesla’s sophisticated cars rely on a decidedly unsophisticated security scheme: a six-character PIN. Dhanjani’s research discovered a variety of potentially exploitable holes that would give even an unsophisticated attacker a good chance at breaking into […]

Read more ›

Analysis Finds Blurry Lines Between Rovio, Advertisers

March 28, 2014 15:520 comments
Analysis Finds Blurry Lines Between Rovio, Advertisers

Rovio, the maker of the massively popular Angry Birds, makes no secret about collecting personal data from those who download and play its games. But an analysis from the advanced threat detection firm FireEye is helping to expose the extend of data harvesting, and also to sketch out the blurry line that separates Rovio and third-party advertising networks it contracts with. In a blog post on Thursday, FireEye analysts Jimmy Suo and Tao Wei described the findings of an investigation into the interaction between Rovio’s mobile applications, including the latest version of Angry Birds, and third party ad networks such as Jumptap and Millenial Media. Using FireEye’s Mobile Threat Prevention (MTP), the two gathered and analyzed network packet capture (PCap) information and analyzed the workings of Angry Birds and its communications with third-party ad networks. The two were able to reveal a multi-stage information sharing operation, tracking code paths from the reverse-engineered […]

Read more ›

Cisco To Invest $1B Building Secure Cloud For Internet Of Things

March 25, 2014 18:350 comments
Cisco says its Intercloud service will add scale and security to IoT applications. (Image courtesy of Cisco.)

Cisco Systems announced that it will invest more than $1 billion building what it calls an “Intercloud” – a network of cloud platforms that will support a variety of new business applications, including those supporting connected devices that are part of the Internet of Things. The company said on Monday that the new initiative will greatly expand its cloud business over the next two years and provide APIs (application program interfaces) that will allow application developers to rapidly create new products suitable for use in the enterprise or by resellers and service providers. A range of Cisco’s existing partners have committed to deliver products or services for Cisco’s Intercloud Cloud Services including the Australian firm Telstra, Allstream, a Canadian communications provider and Ingram Micro Inc.a major technology wholesaler. Services provider SunGard Availability Services and Integralis have signed on, as has the IT consulting firm Wipro Ltd. “Together, we have the […]

Read more ›

Update – Virtual Vandalism: Firm Warns Of Connected Home Security Holes

February 18, 2014 11:351 comment
Update – Virtual Vandalism: Firm Warns Of Connected Home Security Holes

[This story was updated to include response from Belkin describing its response to the vulnerabilities identified by IOActive, including firmware updates. - PFR Feb 19, 2014] A researcher with the respected security firm IOActive says that he has found a number of serious security holes in home automation products from the firm Belkin that could allow remote attackers to use Belkin’s WeMo devices to virtually vandalize connected homes or as a stepping stone to other computers connected on a home network. In a statement released on Tuesday, IOActive researcher Mike Davis said that his research into Belkin’s WeMo technology found the “devices expose users to several potentially costly threats, from home fires with possible tragic consequences down to the simple waste of electricity.” IOActive provided information on Davis’s research to the US Computer Emergency Readiness Team (CERT), which issued an advisory on the WeMo issues on Tuesday.  Belkin did not […]

Read more ›

Target Breach Spells End for Magnetic Stripe Cards in 2015

February 7, 2014 08:50Comments Off
Mastercard and Visa say they will begin requiring more secure 'chip and pin' credit cards in 2015.

After years spent fighting pushes for more secure standards, the payment card industry and retailers are moving quickly to abandon magnetic stripe cards and embrace so-called ‘chip and pin’ technology. Credit card firms MasterCard and Visa plan to have most customers on the more secure chip and pin cards by October, 2015, according to a report in the Wall Street Journal. The move comes in the wake of a massive heist of account information for tens of millions of credit card holders from the systems of U.S. retailers including Target, Neiman Marcus and Michaels Stores. In an interview with MasterCard’s Carolyn Balfany, the Journal notes that company has set October, 2015 as the date for a “liability shift” – a change in policy that will hold the party in a fraudulent transaction liable for losses due to that transaction. The goal, said Balfany, is to try to encourage merchants and […]

Read more ›

Can Google Hold Back Facial Recognition For Glass?

February 4, 2014 11:18Comments Off
Can Google Hold Back Facial Recognition For Glass?

The New Yorker blog has an interesting, short piece by Betsy Morais on the challenges posed by facial recognition and wearable technology that’s worth reading. The post, “Through a Face Scanner, Darkly” picks up on recent reports about a proliferation of facial recognition applications for the Google Glass platform, addressing the ethical implications of the intersection of wearable technology with powerful sensors and analytics capabilities, including facial recognition. Specifically, Morais zeros in on an app called NameTag that adds a face scanner to the Glass. “Snap a photo of a passerby, then wait a minute as the image is sent up to the company’s database and a match is hunted down. The results load in front of your left eye, a selection of personal details that might include someone’s name, occupation, Facebook and/or Twitter profile, and, conveniently, whether there’s a corresponding entry in the national sex-offender registry,” Morais writes. NameTag’s focus […]

Read more ›

Are Wearables The Future Of Authentication?

January 27, 2014 16:17Comments Off
Are Wearables The Future Of Authentication?

CIO Magazine has an interesting round-up piece that looks at the enterprise impact of wearable technology, which you can read here.   Much of this is what you’d expect: FitBit, Google Glass and the (coming) tsunami of smart watches that will soon wash over us. The Cliff’s Notes version is that adoption of wearables will be rapid in verticals that are positioned to leverage the technology early on – such as healthcare and retail. But the piece argues that enterprises risk ‘missing’ the wearable wave in the same way that they ‘missed’ (or at least didn’t plan for) the mobile computing revolution. What might planning entail? Pilots, apparently – maybe of Google Glass or a competing technology. [Read more Security Ledger coverage of wearable technology. ] An interesting side note concerns a possible enterprise ‘killer app’ for wearables; authentication. The article quotes Forrester Analyst J.P. Gownders saying that wearable technology, with integrated biometric […]

Read more ›

Cisco Survey: 100% of Fortune 500 Hosting Malware?

January 16, 2014 08:00Comments Off
Cisco Survey: 100% of Fortune 500 Hosting Malware?

If you’re working in IT at a Fortune 500 firm, Cisco Systems has some unwelcome news: you have a malware problem. According to the 2013 Annual Security Report from the networking giant, 100 percent of 30 Fortune 500 firms it surveyed sent traffic to Web sites that host malware. Ninety-six percent of those networks communicated with hijacked servers operated by cyber criminals or other malicious actors and 92 percent transmitted traffic to Web pages without content, which typically host malicious activity. “It was surprising that it was 100 percent, but we know that it’s not if you’re going to be compromised, but when,” said Levi Gundert, a technical lead in Cisco’s Threat Research, Analysis and Communications (TRAC) group in an interview with The Security Ledger. Among the high points (or low points) in Cisco’s Report: Cisco observed the highest number of vulnerabilities and threats on its Intellishield alert service in the 13 years […]

Read more ›

Security Ledger Uses: