Can government really fix the IoT mess?

The private sector often views government as the problem, not the solution. But, in the view of a growing number of experts, the opposite is true when it comes to addressing the rampant and increasing security risks of the Internet of Things (IoT). While it is not a unanimous view, there is general agreement that the blessings the IoT brings to modern life are being undermined by its curses – and that the market will not correct those curses. Its almost magical benefits are well documented and well advertised – self-driving cars and the ability to lock or unlock doors or adjust a home thermostat from hundreds of miles away were fantasies only a few years ago. But its billions of connected devices are so lacking in security that they are putting not only individual users at risk, but public and private infrastructure as well, including the infrastructure of the internet itself.

T-Mobile’s Legere ‘rescues’ volunteer fire department, sticks finger in Verizon’s eye

Ever a social-media showman and tormenter of his competitors, T-Mobile CEO John Legere last night took to Twitter to lambaste Verizon’s decision to ding a volunteer fire company for $73,000 and offered to pick up that tab himself if necessary. And we don’t even know if the ponies played a part. Legere made his pledge on Twitter in response to yesterday’s Buzzblog post about a tiff between Verizon and the Chincoteague Volunteer Fire Company, which serves an island town of 3,000 in Virginia and is renowned for being caretakers of a herd of 150 wild horses, the Chincoteague Ponies, that has been the subject of a popular children’s book and movie. Legere’s tweet:

When anti-malware vendors get into a slap fight, users lose

All is quiet on the Microsoft front, but there are other technology issues to address, which I will be doing in the next few blogs. The first is about a battle between two anti-malware vendors: PC Pitstop and Malwarebytes.

Most software markets tend to consolidate around a handful or even one or two vendors. How many competitors are there for Photoshop, after all? But there are two markets that thrive and have a large number of players: gaming and anti-virus/anti-malware. It started about a month ago. On Dec. 7, PC Pitstop, maker of the PC Matic repair software and those obnoxious TV commercials, posted a ransomware test performed by AV Comparatives that included its PC Matic product and its many competitors, including Malwarebytes, the latter included for the first time.

IDG Contributor Network: Using artificial intelligence to teach computers to see

Creating a self-driving car should not be difficult, but it’s taking a while. Autonomous vehicles have been making headlines for years now, yet few of us have ever been in one or even seen one. We know that flying planes is more difficult than driving cars, yet pilots have enjoyed autopilot for decades. What gives? The answer is clear, or more precisely, clear vision. Pilots have used autopilot for decades in clear, open skies. Roads are more complex. The actual mechanics of operating a vehicle (accelerating, braking, steering, etc.) are all well understood and programmable. Most of the rules and logic of driving are programmable, too. But understanding and instructing vision is very complex. The good news is that incredible progress is being made, and the technology will have far-reaching implications.

Samsung expects big profit despite Note7 crisis

The financial impact of the Note7 recall seems to be largely behind Samsung Electronics, which on Friday forecast that its profit has grown year-on-year by close to 50 percent in the fourth quarter. A major proportion of the profit of the largest smartphone company is expected to come from components such as memory chips and display panels, rather than from smartphones, according to analysts, a shift that was noticed in the third quarter as well. "They were fortunate that their memory and displays businesses could offset the doom and gloom resulting from the Note 7 debacle last quarter," said Bryan Ma, vice president for devices research at IDC.

Notes about the FTC action against D-Link

Today, the FTC filed a lawsuit[*] against D-Link for security problems, such as backdoor passwords. I thought I'd write up some notes.

The suit is not "product liability", but "unfair and deceptive" business practices for promising "security". In addition, they interpret "security" differently from the cybersecurity community.

This needs to be stressed because right now in our industry, there is a big discussion of product liability, insisting that everything attached to the Internet needs to be secured. People will therefore assume the FTC action is based on "liability".

Instead, all six counts are based upon the fact that D-Link offers its products for securing networks, and claims they are secure. Because they have backdoor passwords, clear-text passwords, command-injection bugs, and public private-keys, the FTC feels the claims of security to be untrue.

The key point I'm trying to make is that D-Link can resolve the suit (in theory) by simply removing all claims of "security". Sure, it can claim it supports stateful-inspection firewalls and WPA2, but not things like "WPA2 security". (Sure, the FTC may come back with a new lawsuit -- but it would solve the points raised in this one).

On the other hand, while "deception"

Profs: you should use JavaScript to teach Computer Science

Universities struggle with the canonical programming language they should teach students for Computer Science. Ideally, as they take computer science classes, all the homework assignments and examples will be in the same language. Today, that language is usually Java or Python. It should be JavaScript.

The reason for this is simple: whatever language you learn, you will also have to learn JavaScript, because it's the lingua franca of web browsers.

Python is a fundamentally broken language. Version 3 is incompatible with version 2, but after a decade, version 2 is still more popular. It's still unforgivably slow: other languages use JITs as a matter of course to get near native speed, while Python is still nearly always interpreted. Python isn't used in the real world; it's far down the list of languages programmers will use professionally. Python is primarily a middleware language, with neither apps nor services written in it.

Java is a fine language, but there's a problem with it: it's fundamentally controlled by a single company, Oracle, who is an evil company. Consumer versions of Java come with viruses. They sue those who try to come up with competing versions of Java. It's not an "open" system necessary

FBI dispute with DNC over hacked servers may fuel doubt on Russia role

The FBI may have been forced into a misstep when investigating whether Russia hacked the Democratic National Committee -- the agency never directly examined the DNC servers that were breached. Instead, the FBI had to rely on forensic evidence provided by third-party cybersecurity firm CrowdStrike, which the DNC hired to mitigate the breach. “The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed,” the agency said on Thursday in a statement. The incident threatens to spark more skepticism over whether the U.S. properly arrived at its conclusion that Russian cyberspies were responsible for the breach.

MP on Vertitech IT’s “Best IT Blogs 2017”

This is a quick post to say thanks to the folks at Vertitech IT for listing movingpackets.net among their Best IT Blogs for 2017 (“Must-Read Resources for CIOs, IT & Security Pros”).

In their own words:

VertitechIT’s top 50 IT blogs were selected because they are among the most current, frequently updated, credible, and informative sources of information related to IT on the web today. From musings of industry leaders, to the veteran guys and gals in the trenches who chronicle their IT journeys, these 50 blogs all have something important to say about the IT world of today, and tomorrow.

Vertitech’s list is definitely worth a browse; I’m very flattered to be listed in such amazing company. I was also delighted to see that NetworkingNerd, Jeremy Stretch and Chris Wahl were featured as well; these are all blogs I follow from people I respect.

Some other highlights include Cisco, Gigaom, the Forrester Blog for CIOs, Solarwinds’ Geek Speak (for whom – along with other contributors – I have written a number of blog posts), SC Magazine and TechCrunch Enterprise.

I’m delighted to even be on the same page as these other outlets. Go check the list out and perhaps you’ll also find some great

A new Wi-Fi spec will help smart homes run like clockwork

Wi-Fi is an obvious candidate for connecting almost any device that can be plugged into a wall, because it’s already running in nearly every home that has broadband. But can all those products work in lockstep when timing matters, like while video and audio are streaming on several devices? The Wi-Fi Alliance says it has a way to make sure they do. On Thursday at CES, the industry group announced Wi-Fi Certified TimeSync, a specification for precise time synchronization among Wi-Fi devices. It’s expected to be available in the middle of this year. When Wi-Fi began as a wireless way to send packets of data between computers, synchronized clocks didn’t matter. When the packets arrived, the screen appeared or the page was printed. But now that Wi-Fi has a growing role in home entertainment, timing matters.

KillDisk cyber sabotage tool evolves into ransomware

A malicious program called KillDisk that has been used in the past to wipe data from computers during cyberespionage attacks is now encrypting files and asking for an unusually large ransom. KillDisk was one of the components associated with the Black Energy malware that a group of attackers used in December 2015 to hit several Ukrainian power stations, cutting power for thousands of people. A month before that, it was used against a major news agency in Ukraine. Since then, KillDisk has been used in other attacks, most recently against several targets from the shipping sector, according to security researchers from antivirus vendor ESET. However, the latest versions have evolved and now act like ransomware. Instead of wiping the data from the disk, the malware encrypts it and displays a message asking for 222 bitcoins to restore them. That's the equivalent of $216,000, an unusually large sum of money for a ransomware attack.

Microsoft is bundling cloud services to make cars smarter

CES has turned into the first car show of the year, with major automakers choosing to show off upcoming features in Las Vegas. Microsoft wants to help make cars more intelligent, and it unveiled a new suite of services Thursday to do so. The Connected Vehicle Platform brings together a smorgasbord of services from Microsoft, including Azure IoT Hub, Cortana Intelligence Suite, Microsoft Dynamics and many others. In addition, Office 365, Skype for Business and Cortana can be integrated with the platform. It’s not a surprising move. Microsoft frequently packages cloud services as suites, then markets them for kick-starting particular applications. Furthermore, the company has been saying for some time that its goal in car tech is to support carmakers rather than build its own connected cars.

Why We Wear Seat Belts On Airplanes

This post is inspired by Matt Simmons’ fantastic post on why we still have ashtrays on airplanes, despite smoking being banned over a decade ago. This time, I’m going to cover seat belts on airplanes. I’ve often heard people balking at the practice for being somewhat arbitrary and useless, much like balking at turning off electronic devices before takeoff. But while some rules in commercial aviation are a bit arbitrary, there is a very good reason for seat belts.

In addition to being a very, very frequent flier (I just hit 1 million miles on United), I’m also a licensed fixed wing pilot and skydiving instructor. Part of the training of any new skydiver is what we call the “pilot briefing”. And as part of that briefing we talk about the FAA rules for seat belts: They should be on for taxi, take-off, and landing. That’s true for commercial flights as well.

Some people balk at the idea of seat belts on commercial airliners. After all, if you fly into the side of a mountain, a seat belt isn’t going to help much. But they’re still important.

Your Seat Belt Is For Me, My Seat Belt Is For You

Let’s Encrypt with DANE

For many years we’ve seen Domain Name certificates priced as a luxury add-on, costing many times more than the original name registration fees. Let’s Encrypt has broken that model, and basic security is now freely available to anyone. But the CA model itself is not all that robust, and there are still some critical vulnerabilities that can be exploited by a well-resourced attacker. Adding DANE TLSA records to the DNS signed zone, and equipping user applications, such as browsers, with an additional DNS lookup to fetch and validate the TLSA record is a small step, but a significant improvement to the overall security picture.