Tag: vulnerabilities

The Security Week In Review: Same Breach, Different Day

It’s the end of another week and, as has become a pattern, we’re weighing the impact of  another massive data breach: this one at Cupid Media, the owner of a network of dating web sites. According to a report on Krebsonsecurity.com, data on some 40 million Cupid Media customers turned up on the same servers that were found holding data stolen from Adobe Inc., PR Newswire and other victims. To get a handle on the impact of this breach and others like it, I invited Ted Julian, the Chief Marketing Officer of CO3 Systems, to talk about the recent string of embarrassing breaches and how companies go wrong (and sometimes right) in responding to them. Co3 sells a service that helps companies structure their response to data breaches and other adverse incidents. We also took the time to talk about the recent FTC Workshop on security and privacy on The […]

Continue Reading

Verizon: New Cloud Encryption Service Will Secure IoT Devices

Identity is one of the biggest challenges facing companies that are deploying products for the “Internet of Things,” as well as traditional enterprises that find IoT technologies of all types knocking at the door. The question, in short, is “how do I know that this device is legitimate, and ties back to an identity that I trust with access to my network resources and data? Of course, identity management has always been an aching problem in the enterprise space. The problem with the IoT is scale – given the sheer size of the IoT (30 billion connected devices by 2020), you can add a few “zeros” onto the number of devices that could, potentially, be seeking access to your network at any time. [Related read: Identity Management’s Next Frontier: The Interstate] It makes sense that, in a distributed environment like that, the cloud may be the best place to address […]

Continue Reading

At FTC Forum, Experts Wonder: Is Privacy Passé?

The U.S. Federal Trade Commission (FTC) used a one-day workshop to highlight security and privacy issues prompted by so-called “Internet of Things.” But attendees at the event may have walked away with a more ambiguous message, as prominent technologists and industry representatives questioned whether conventional notions of privacy had much relevance in a world populated by billions of Internet-connected devices. “I don’t feel like privacy is dead,” keynote speaker Vint Cerf, a Vice President and Chief Internet Evangelist at Google, told an audience at the FTC workshop. “I do feel like privacy will be increasingly difficult for us to achieve,” Cerf warned. And Cerf wasn’t alone in wondering whether that might not be such a bad thing – or even that unusual. “Is privacy an anomaly?” Cerf wondered aloud, recalling his experience living in a small, German town where the “postmaster knew what everyone was doing.” Our modern concept of being ‘alone […]

Continue Reading

ThingWorx Says IoT Marketplace Will Speed Adoption

ThingWorx, the ‘platform as a service’ (PaaS) vendor, has made empowering the Internet of Things (or Internet of Everything) its rallying cry. Now the company says it is the first to market with an IoT “marketplace” that it claims will speed development of smart, connected products. The company announced ThingWorx Marketplace at Salesforce.com’s “Dreamforce” event in San Francisco on Monday. The new platform will allow ThingWorx and third party firms to offer “components and services” that are needed to build full-featured IoT applications. Those may be things like new kinds of sensors, widgets, device connectors, protocol adapters, hooks into device clouds or integrations with enterprise management platforms, according to a ThingWorx statement. The platform will be accessible by ThingWorx partners, independent hardware and software vendors, and third party developers, the company said.  Enterprises will be able to deploy private instances of the Marketplace to host internally developed applications, application templates, analytics, […]

Continue Reading

Malware Supply Chain Links Eleven Attacks

Fresh off their discovery of a previously unknown (‘zero day’) security hole in Microsoft’s Internet Explorer web browser, researchers at the security firm Fireeye say that they have evidence that a string of sophisticated attacks have a common origin. In a report released on Monday (PDF), the firm said that many seemingly unrelated cyber attacks identified in the last year appear to be part of a “broader offensive fueled by a shared development and logistics infrastructure” — what Fireeye terms a ‘supply chain’ for advanced persistent threat (APT) attacks. At least 11 APT campaigns targeting “a wide swath of industries” in recent months were found to be built on a the same infrastructure of malicious applications and services, including shared malware tools and malicious binaries with the same timestamps and digital certificates. “Taken together, these commonalities point to centralized APT planning and development,” Fireeye wrote. The attacks link at least 11 separate […]

Continue Reading
1 123 124 125 126 127 148