Podcast: Play in new window | Download (Duration: 33:20 — 38.2MB)Subscribe: Android | Email | Google Podcasts | RSSIn this Spotlight Podcast, sponsored by Trusted Computing Group*, Dennis Mattoon of Microsoft Research gives us the low-down on DICE: the Device Identifier Composition Engine Architectures, which provides a means of solving a range of security and identity problems on low cost, low power IoT endpoints. Among them: establishing strong device identity, doing device attestation and safe deployment at scale and verifying software updates.
A lot changed in the 4 years between the last two OWASP Top 10 lists. In this end user perspective*, security pro Dino Londis talks about those changes and argues that organizations need to address the most common web application attacks, even as they work to engineer a new generation of secure applications.
Podcast: Play in new window | Download (Duration: 42:05 — 48.2MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s Security Ledger Podcast (#87) we speak with Priscilla Moriuchi of the firm Recorded Future about China’s efforts to cover up delays in publishing information on serious and exploitable software security holes. Joe Slowick of the firm Dragos Security joins us to talk about the hacking groups targeting industrial control systems and Ken Munro of the firm Pen Test Partners tells us why the UK’s new report on securing the Internet of Things isn’t worth the paper it’s written on.
Cisco Systems warned that companies need to do a better job monitoring IoT devices and third party software providers, as Internet of Things based botnets and supply chain attacks become more common.
The Electronic Frontier Foundation (EFF) is asking the Library of Congress to give owners of voice assistant devices like Amazon’s Echo, Google Home and other voice assistants the right to “jailbreak” the devices: freeing them from content control features designed to prevent users from running unauthorized code on those platforms. Spread the word!20shares16