Researchers at the Black Hat 2015 conference next week will show how to crack Internet routing protocols, malware-detecting honeypots, radio-frequency ID gear that gates building access, and more, but also offer tips on how to avoid becoming victims to their new attacks.A pair of researchers will release a hardware device that exploits weaknesses in RFID access controls and show how to use it to break into buildings. The device exploits the communication protocol used by most access-control systems, according to the team, Eric Evenchick, a freelance developer, and Mark Baseggio, a security consultant for Accuvant.+ ALSO ON NETWORK WORLD: The Black Hat Quiz 2014 +To read this article in full or to leave a comment, please click here
Next-generation endpoint protection vendor SentinelOne has received the same certification that many traditional antivirus platforms seek, meaning it can be considered suitable for meeting certain requirements of industry and governmental regulations.The company’s new endpoint protection platform, called EPP, has won an Approved Corporate Endpoint Protection seal of approval from AV-Test, a firm that evaluates and certifies a range of security products. The seal of approval means the device meets AV-Test standards, and those standards carry weight in determining whether corporate defenses comply with regulations.+More on Network World: Next-generation endpoint protection not as easy as it sounds+To read this article in full or to leave a comment, please click here
Rather than looking for signatures of known malware as traditional anti-virus software does, next-generation endpoint protection platforms analyze processes, changes and connections in order to spot activity that indicates foul play and while that approach is better at catching zero-day exploits, issues remain.For instance, intelligence about what devices are doing can be gathered with or without client software. So businesses are faced with the choice of either going without a client and gathering less detailed threat information or collecting a wealth of detail but facing the deployment, management and updating issues that comes with installing agents.To read this article in full or to leave a comment, please click here
Next-gen endpoint protection vendor CrowdStrike has landed $100 million in new investments to beef up sales and engineering and continue its push to make anti-virus software obsolete.The company will hire at least another 70 people to boost its engineering staff as well as expand its operations outside North America. The company has about 210 employees now, says CEO George Kurtz.+ ALSO ON NETWORKWORLD: Hottest network and computing startups of 2015 +The new funding pushes total investment in the company to $156 million and makes it the first security company that Google Capital has invested in. Also participating in this C Round of funding is Rackspace, Accel Partners and Warburg Pincus.To read this article in full or to leave a comment, please click here
The Internet of Things is talked about a lot and many people are unsure what it really is, but at DEF CON 23 this summer in Las Vegas, that should become a lot more clear as attendees compete to hack IoT devices.“Pwning IoT via Hardware Attacks” is a competition starting this year as part of IoT Village, a new sector of the conference focusing on security of proliferating device such as sensors, meters, industrial controls and smart appliances.A LOOK BACK: Leftovers of Black Hat, Defcon
As part of the village attendees can enter their successful compromises against IoT devices in an attempt to win prizes. The entries will be judged on the severity of the compromise – how thoroughly a machine is taken over – and how it can be accessed, such as remotely or without being detectable, says Chase Schultz, a security researcher for Independent Security Evaluators (ISE), which is organizing the competition.To read this article in full or to leave a comment, please click here
Bitglass has boosted the protection it offers cloud-based applications, now supporting fully searchable AES 256 encryption without degrading the speed of searches.The company has received a U.S. patent on the technology it is using to deliver the searchable encryption and that is now available through its security-brokering service.The service is designed for corporate customers who want to use cloud software as a service (SaaS) but who don’t want their data stored unsecured in the cloud.A gateway on customers’ sites encrypts data that is headed to the cloud, then uploads only an encryption prefix or handle to the cloud itself. When an authorized person wants to use the cloud app, the app sends down the handle to the gateway. The gateway uses the handle as an index to find the full version of the encrypted data and decrypts it.To read this article in full or to leave a comment, please click here
Expect vendors soon to introduce devices with three forms of wireless support to Fast Identity Online (FIDO) two-factor authentication.
The FIDO Alliance today is issuing a new specification for FIDO to support Bluetooth, low-energy Bluetooth (BLE) and near field communications (NFC) wireless technologies in two-factor authentication tokens, according to FIDO Alliance executive director Brett McDowell.
That means the alliance recommends that device manufacturers use the spec to start producing and selling these wireless devices.MORE: 10 mobile startups to watch
Existing FIDO specs already defined how to make authentication tokens that can be plugged into USB ports. With the new specification these authentication devices would just have to be near a phone, tablet, laptop or desktop that also supports the same wireless technology and is trying to connect with a server that supports FIDO authentication. So devices without USB ports could still authenticate via FIDO.To read this article in full or to leave a comment, please click here
RobotsImage by National GeographicNational Geographic’s movie Robots is making its way around theaters - including 3D - this summer featuring a range of robots with skills from cleaning to dancing to acting. Here are a few of them and their talents. These copyrighted images were provided by National Geographic.To read this article in full or to leave a comment, please click here
What’s cool?The Internet of Things presents unique challenges to businesses considering the secure use of these devices. Gartner has taken a look at some of the vendors trying to address these concerns and has designated four of them cool. It’s not an exhaustive list, Gartner says, but it highlights interesting, new and innovative vendors, products and services.To read this article in full or to leave a comment, please click here
Palo Alto CEO Mark McLaughlin sat down recently to talk about a range of security issues with Network World Senior Editor Tim Greene. They discussed McLaughlin optimism about turning the tide on attackers, the evolution of his company’s next-generation firewall and how to secure the Internet of Things. Here is an edited transcript.To read this article in full or to leave a comment, please click here(Insider Story)
Corporate IT security pros need to consider the Internet of Things as a new and dangerous attack vector – oh, and we all should be particularly worried about the safety of our cars, says the top executive at Palo Alto Networks.“You need to be completely rethinking endpoint security and you need to be seeking out technology that will actually prevent things at endpoints before [malware] lands,” says Palo Alto CEO Mark McLaughlin in a recent interview with Network World.+ FULL INTERVIEW: Register to read the full transcript from the interview +To read this article in full or to leave a comment, please click here
Interop 2015: The quizIt’s time again for Interop, where the greatest networking minds in the world gather to find answers to their knottiest problems – security, storage, cloud services, mobility, virtualization, the Internet of Things – the list goes on and on. It’s also time for the Internet quiz, where the greatest minds in networking try to answer a few questions about the trade show in an effort to demonstrate their tech acumen and preparedness. Keep track of your answers as you go and see at the end how well you did.To read this article in full or to leave a comment, please click here
Bruce Schneier
Security expert Bruce Schneier has looked at and written about difficulties the Internet of Things presents - such as the fact that the “things” are by and large insecure and enable unwanted surveillance– and concludes that it’s a problem that’s going to get worse before it gets better.To read this article in full or to leave a comment, please click here
Corporate travelers should be warned that a Wi-Fi router commonly used in hotels is easily compromised, putting guests passwords at risk and opening up their computers to malware infections and direct attacks.The good news is that there is a patch for the flaw, but there is no guarantee affected hotels will install it right away.+ More on Network World: 10 young security companies to watch in 2015 +Cylance, a security vendor whose research team found the problem, says 277 InnGate routers in 29 countries are affected. The routers are made by ANTLabs.To read this article in full or to leave a comment, please click here
Corporate travelers should be warned that a Wi-Fi router commonly used in hotels is easily compromised, putting guests passwords at risk and opening up their computers to malware infections and direct attacks.The good news is that there is a patch for the flaw, but there is no guarantee affected hotels will install it right away.+ More on Network World: 10 young security companies to watch in 2015 +Cylance, a security vendor whose research team found the problem, says 277 InnGate routers in 29 countries are affected. The routers are made by ANTLabs.To read this article in full or to leave a comment, please click here
As the Internet of Things develops, most vendors that are making these things don’t make security their top priority, allowing business considerations to take precedent, according to a Gartner expert.“Some of the leading vendors that are developing products are making some effort to address security concerns, but Gartner believes the majority aren’t at this stage — convenience, user friendliness, time-to-market all win out over security at this point,” says Earl Perkins, a research vice president at Gartner.+ ALSO ON NETWORK WORLD The security implications of IoT: A roundtable discussion with four experts +To read this article in full or to leave a comment, please click here
Tim Greene