Tag: software

Protecting Smart Cars And The Supply Chain From Hackers

One theme that frequently comes up in my conversations with experienced security veterans when we talk about security and “the Internet of Things” is the absence of what might be termed a “security culture.” That’s a hard term to define, but it basically describes a kind of organizational culture that anticipates and guards against online attacks. Certainly companies that have been selling software in any great number for any amount of time have had to develop their own security cultures – think about Microsoft’s transformation following Bill Gates’ Trustworthy Computing memo, or Adobe’s more recent about-face on product and software security. But that culture is lacking at many of the companies that have traditionally thought of themselves as ‘manufacturers’ – makers of “stuff,” but which now find themselves in the software business. Think General Electric (GE) or – even better – auto makers. A couple of months back, I had […]

iPhone TouchID Falls To Well-Known Hack

Apple’s Touch ID may be the new thing when it comes to signing on to your iPhone. But the underlying fingerprint scanning technology proved vulnerable to a very old-school attack, according to information posted by the German hacking crew The Chaos Computer Club (CCC). The group announced late Saturday that it was able to successfully bypass Touch ID with a fake fingerprint, lifted from a glass surface. “This demonstrates – again – that fingerprint biometrics is unsuitable as access control method (sp) and should be avoided,” the group wrote in a blog post announcing the compromise. Apple’s Touch ID biometric sign-on was the major new feature in the just-released iPhone 5S (the feature is not offered for the lower-cost 5C, which was also just announced). The feature makes use of technology Apple acquired in July 2012 with the firm AuthenTec, and its addition to the iPhone line was no surprise. But […]

Podcast: Securing The Internet of Things

One of the most vexing problems created by the fast-evolving Internet of Things is how to secure the massive trove of data that is transmitted and then stored by smart devices such as automobiles, consumer and household electronics and personal devices. As we’ve seen, private sector firms have been aggressive in leveraging new technology to connect their products to the Internet. But less thought has been given to the security and privacy implications of doing so. Now people are starting to take notice. In recent weeks, the FTC settled a case with a California firm, TRENDnet, over balky home surveillance cameras they sold – cameras that were found to be easily discoverable and hackable from the public Internet. But, with so many cooks in the IoT kitchen (so to speak), where does responsibility for securing technology lie? Recently, I chatted with an expert on security and the Internet of Things. […]

Internet of Things Demands New Social Contract To Protect Privacy

Changes brought about by the Internet of Things demand the creation of a whole new social contract to enshrine the right to privacy and prevent the creation of technology-fueled Orwellian surveillance states in which individual privacy protections take a back seat to security and “control.” That, according to an opinion piece penned by the head of the European Commission’s Knowledge Sharing Unit. Gérald Santucci, in an essay written for the web site privacysurgeon.org, argues that technology advances, including the advent of wearable technology and the combination of inexpensive, remote sensors and Big Data analytics, threaten to undermine long-held notions like personal privacy and the rights of individuals. The essay says that current approaches to data protection are “largely inadequate” to the task of reining in the asymmetrical changes wrought by new technology. “Data collection and video surveillance will continue to grow as ubiquitous computing pervades almost all areas of our […]

Welcoming A New Sponsor: Mocana

You’ll notice some new artwork gracing The Security Ledger this week, and that’s because we’ve welcomed a new sponsor to the family: Mocana. I’d like to officially welcome them to the Security Ledger family. This is a big win for Security Ledger. Mocana will join Veracode, The Trusted Computing Group and Gemalto in underwriting The Security Ledger’s coverage of IT security news and the intersection of security with The Internet of Things (IoT). But we also win the support of a company that is all about IoT. If you haven’t already checked out Mocana, I’d urge you to do so. Launched in 2004, the company’s expertise is in securing non-traditional endpoints. Mocana’s Device Security Framework is a suite of device-resident security software that is embedded into devices during the manufacturing process. DSF is a platform that supports a wide range of security functions, both through Mocana-created security modules and support of other […]