Tag: password

You’re Invited: A Conversation on Password Security and Targeted Attacks

A note to Security Ledger readers that I’ll be facilitating a really interesting conversation this afternoon on password (in)security and how weak user authentication can undermine even the best laid security plans. The SANS Webinar, Security for the People: End User Authentication Security on the Internet” kicks off at 3:00 PM Eastern today (12:00 PM Pacific). You can register to join us using this link.   My guest is DUO Security researcher Mark Stanislav, a frequent Security Ledger contributor and one of the smartest guys out there when it comes to passwords, authentication and securing the Internet of Things. There’s plenty to talk about: weak authentication schemes are the root cause of any number of prominent breaches – from the recent attacks the Apple iCloud accounts of A-list celebrities, to the breach at retailer Target (reportedly the result of a phishing attack on an HVAC contractor that Target used.) Mark and I […]

Continue Reading

With Cars Connected to the Internet, What about Privacy? | Computerworld

Lucas Mearian has a long and quite thorough article over at Computerworld weighing the possible security and privacy risks posed by connected vehicles. Among other things, Mearian weighs the recent past and likely future of connected vehicles, noting that, “once mobile devices are connected to car infotainment systems and cars are connected to the Internet, vehicles will become a rich source of data for manufacturers, marketers, insurance providers and the government.” They’ll also be a target for hackers. The problem is that, unlike mobile phones, cars have useful lives that are measured in decades, not years – or even months. That makes it difficult for manufacturers, who want to make their vehicles state of the art, but also must deal with the reality of much longer development cycles and complex interactions between non-critical and critical on board systems. [Read more Security Ledger coverage of connected vehicles here.]   A couple issues worth noting: […]

Continue Reading

How Big Data holds the Key To Securing the Internet of Things

I’m seeing a lot of pre-conference promotion of content from the big Internet of Things Expo out in Santa Clara in early November. One interesting presentation that is worth checking out (the slides are already online) is James Kobielus’s talk on how IT professionals should address the security challenges of IoT. Kobielus is IBM’s program director for Big Data analytics product marketing. In his presentation, he tackles the question of whether the Internet of Things is (to use his words) “too big, diverse, pervasive,  and dynamic to secure comprehensively?” [Read our coverage of Internet of Things security here. ] After all, history will show that we’ve done – at best – a so-so job of securing the Internet of machines. How will adding a few zeros to the number of connected endpoints make things better? IoT will undermine even the tenuous walls we’ve built around our existing IT infrastructure: moving us to a […]

Continue Reading

Ahead of Apple’s Announcement: The Security Implications of Wearables | Trend Micro

The world’s attention will be focused on Apple this week and on the topic of wearables. In an event on Tuesday, the Cupertino company is planning to unveil the latest additions to its popular iPhone line along with a wearable device that most folks are just calling the ‘iWatch.’ But as Apple wrestles with the security of its growing stable of mobile devices and the cloud infrastructure that supports them, what will the impact of wearables be? Well, the folks over at Trend Micro are putting together a series of blog posts that look at that very question. Namely: the (information) security implications of wearables. It makes for some interesting reading. Among other things, Trend There are three very broad categories that we can use to describe what we are talking about. The posts, by Senior Threat Researcher David Sancho, break down the wearables space into three categories:  ‘IN’ devices like sensors, ‘OUT’ […]

Continue Reading

Report: Apple IDs Targeted by Kelihos Botnet

There’s an interesting post over on Symantec’s blog about a shift noted in the behavior of the Kelihos botnet in recent days. According to Symantec, Kelihos operators have turned their attention to Apple customers, launching a phishing email campaign aimed at Apple iCloud users and Apple ID’s and passwords. According to the post, Symantec has observed Kelihos (also known as Waledac) being used to send spam emails purporting to be from Apple, informing the victim that a purchase has been made using their account on the iTunes Store. Samples of the emails discovered by Symantec bear the subject line “Pending Authorisation Notification.” The body of the phishing email says that the victim’s account has been used to purchase the film “Lane Splitter” on a computer or device that hadn’t previously been linked to their Apple ID. The email gives an IP address that was used to make the alleged purchase and […]

Continue Reading
1 13 14 15 16 17 25