Hundreds of millions of wireless devices may be affected by a flaw in WPA-2, a widely used standard for securing wireless Internet connections. (Updated to add commentary by Bob Rudis of Rapid 7.)
Tag: software
Now Online: Securing DevOps without Sinking Productivity
If you missed attending it last month, our September discussion with Jason Sabin, CSO of DigiCert and Davi Ottenheimer of IANS on securing DevOps environments is available for viewing.
Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside
In the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.
Hole in Mobile Apps Leave Home Automation Systems Vulnerable to Hacking
Mobile applications used with two, popular home automation platforms by Wink and Insteon fail to protect user login information, leaving the devices vulnerable to hacking, a researcher at Rapid7 found.
Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night?
In the latest Security Ledger podcast, Paul speaks with Michael Gorelik of the firm Morphisec about the hack of security software vendor CCleaner – a hack that Gorelik’s firm discovered. CCleaner, he says, may just be the tip of the iceberg when it comes to supply chain hacks. And: “Alexa: have we been hacked by China?” Paul speaks with Grant Wernick of the firm Insight Engines, which is releasing a product this week that integrates the Splunk log management tool with Amazon’s voice assistant.
