On Friday, a series of distributed denial-of-service attacks hit Dyn, a company that provides a form of traffic control for popular websites, and interrupted some users’ access to sites including Github, Twitter, and Netflix. Since then, it has become clear that these attacks were made possible by security vulnerabilities in millions of devices within the Internet of Things. On Monday at the National Cyber Security Alliance’s Cybersecurity Summit in New York City, industry leaders from security firms, Internet service providers, and device manufacturers fretted over the implications. Panelists spoke about the existential dangers that companies in the fast-growing IoT sector face if they continue to fail to secure these devices and debated ways in which the industry can improve security within this ecosystem. “Friday showed us that the genie is well out of the bottle at this point,” said Andrew Lee, CEO at security company ESET North America. “This should … [Read more...] about Which Path to IoT Security? Government Regulation, Third-Party Verification, or Market Forces
National home security month
A new study from the Consumer Electronics Association found that energy efficiency technologies are the most popular amongst home automation options in American houses. Programmable and/or smart thermostats beat out home security and entertainment automation for the top honor, with 47 percent of households saying they had at least one. The findings, which come from an online survey of about 1000 people, would seem to be a win for energy efficiency. But most of the homes had programmable thermostats, which are often used incorrectly, if at all. One study from Lawrence Berkley National Laboratory [PDF] found that 89 percent of survey respondents rarely or never used the thermostat to set a weekday or weekend program. Seventy percent were not set at all. Programmable thermostats have been around for more than 30 years, but a new generation of smart thermostats that connect with smartphones and the Internet make programming far easier. Not only is the interface easier to use but some … [Read more...] about Is Energy Efficiency the Most Popular In-Home Automation?
Things seem to be getting back on track with Sony’s Playstation 3 empire in the wake of this year’s catastrophic data breach, and now the company is taking some interesting steps to prevent such an incident from happening again.According to Reuters, Sony Corp has hired former U.S. Department of Homeland Security officer Philip Reitinger, who previously served as director of the U.S. National Cyber Security Center. Reitinger will become the company’s new chief information security officer —- a position created in the aftermath of a cyber attack that released information from 100 million Playstation Network user accounts.“Certainly the network issue was a catalyst for the appointment,” stated a Sony spokesman. “We are looking to bolster our network security even further.”While the value of Sony shares has fallen dramatically since the attack was revealed in April, Sony CEO Howard Stringer recently reported that the Playstation Network has … [Read more...] about Sony hires former Homeland Security officer in wake of Playstation data breach
Like a modern proof of Newton’s Third Law of Motion – for every action there is an equal and opposite reaction – as more people cut the cord between them and their cable and satellite providers, those providers look for ways to retain customers and bring new customers into the fold. To maintain this delicate Yin and Yang balance (and, you know, make money), Warner and Comcast are looking beyond their traditional cable, telephone and Internet service offerings and getting into the world of security and automation.Time Warner’s system, called IntelligentHome, is rolling out nationally and, according to Time Warner’s Website, “puts you in control of your home like never before.” Comcast is offering similar packages with its XFINITY Home Control and Home Secure systems.Considering most of our relationships with most of our cable companies, it would be understandable if the idea of giving them even more control of your home gave you the malaria … [Read more...] about Honey! The Cable Company Wants To Automate Our Home!
The only figure that is larger than the 81 percent of home PCs that lack critical security applications such as anti-virus, anti-spyware or firewall software is the 83 percent of home PC users who falsely believe they are safe from online theft of information and identity, according to AOL's latest Online Safety study.The survey indicated phishing attacks -- bogus e-mails that sites masquerade as legitimate correspondence and link to bogus sites -- impact one in four Americans each month, with one in five knowing a friend or family member victimized by identity theft.What was perhaps most troubling about the latest AOL/National Cyber Security Alliance (NCSA) Online Safety Study is the revelation that 70 percent of consumers who receive phony e-mails believe they are from legitimate companies, rather than the online criminals who cast wide phishing nets to snare enough consumers to make the crime profitable.AOL, which conducted interviews with adult dialup and broadband PC users, … [Read more...] about AOL Reports Imperiled User Security
For months, the security community has been waving a red flag about how the nascent Internet of Things could become a cybercriminal's paradise. Last week, those admonitions were given some credence when the Federal Trade Commission recommended that the makers of IoT gadgets adopt some "best practices" to protect consumers from potential violations of their privacy and security.In its report, the agency noted that the IoT is already impacting the daily lives of millions of Americans through the adoption of health and fitness monitors, home security devices, connected cars, household appliances and other applications.Such devices offer the potential for improved health-monitoring, safer highways, and more efficient home energy use, among other potential benefits, the report added. However, it also warned that connected devices raise numerous privacy and security concerns that could undermine consumer confidence."The only way for the Internet of Things to reach its full potential for … [Read more...] about SPOTLIGHT ON SECURITY Is the FTC Jumping the Gun on IoT Security?
The U.S. Department of Homeland Security this month will start sharing threat information with a small number of hand-picked companies under the newly enacted Cybersecurity Information Sharing Act.DHS hopes to collect threat indicators from companies and redistribute them to other companies so everyone gets a better view of threats and can use that knowledge to bolster defenses.The CISA removed a significant obstacle to that kind of sharing: liability. Now companies don't have to sweat the risk of lawsuits for sharing information with Uncle Sam."Taking the liability issue out of the road is a huge step forward," said Kobi Freedman, CEO ofComilion.Nevertheless, companies may be reluctant to share data with DHS. At a recent CIO conference, a little more than half of the execs (58 percent) said CISA would make it more likely for them to share information with the feds."There is a lot of concern about the ability of DHS to reshare data with other law enforcement agencies if the data being … [Read more...] about SPOTLIGHT ON SECURITY DHS Ready to Share Intelligence With Private Sector
If you want to reach Jim Walden by email, you'll have to ping him atwork. Three months ago, he ditched his personal emailaccount because he was concerned about the security implications.Walden knows security. He's currently the cochair of the white collar practice at Gibson, Dunn & Crutcher and once served as chief of the computer crimes and intellectual property section in the U.S. Attorney's Office for the Eastern District of New York.Unlike some professionals, Walden never emailed confidential documents to his home account. His concern was that his own personal information that could possibly be maintained on a server outside his control. "So I gave it up -- it makes me feel easier," he told TechNewsWorld.In short, Walden actually practices what he preaches: Maintain vigilancewith home security applications. Practice safe computing. Never send anything confidential unless it is in a password-protected encrypted format that the IT department structured. Double delete -- always … [Read more...] about Security Experts at Home: No Downtime
The padlock on a browser's address bar is supposed to give Net travelers some security in insecure virtual space, but that's not always the case. Some dangerous flaws lurk behind the padlock.They can weaken the effectiveness of encrypted Internet connections and compromise TLS/SSL processes, including domain validation, end-to-end encryption, and the chains of trust certificate authorities have put in place, Google points out at its SSL certificate transparency website.The flaws leave the doors open for a wide range of security attacks, including website spoofing, server impersonation and man-in-the-middle attacks, the company said.In the past, there hasn't been a way to determine what SSL certificates a certificate authority has issued. That creates a problem because all certificates are trusted by a Web browser no matter who issues it -- even though some CAs may have better security and fraud controls than others."There are over 300 certificate-issuing authorities, and they're not … [Read more...] about SPOTLIGHT ON SECURITY Google Pushes Transparency for SSL Certificates
Smartphones hacked to run unauthorized programs or unlock features are being targeted by hackers and can pose a threat to enterprise networks, warned Marble Security.Modifying a smartphone to enable unauthorized behavior -- called "rooting" in the Android world and "jailbreaking" in the iOS realm -- makes the mobile vulnerable to infected jammer software, the firm said.After jailbreaking or rooting a phone, a user may not be able to use it at work because networks often contain security tools that reject modified phones. To skirt those security measures, a user will install jammer software to hide the fact that a phone is modified."A significant percentage of jailbroken and rooted phones have these jammers," Marble Chairman and CTO Dave Jevans told TechNewsWorld."We're starting to see them included in rooting and jailbreaking kits," he added.With organizations increasingly allowing employees to use their own devices to perform corporate chores, jammers can pose a serious threat to an … [Read more...] about SPOTLIGHT ON SECURITY Jailbroken Phones Targeted by Hacker Jammers