Security

127 articles
What is the Response to Security Incidents in the Embedded World?

What is the Response to Security Incidents in the Embedded World?

By Tim Radzykewycz It is simply a reality that no computer system is impervious to threat or some sort of compromise.  However, it is an industry best practice to deploy Intrusion Detection Systems (IDS) to detect intrusions, have rapid access to an Incident Response Team (IRT) to investigate the intrusion, and have a plan on how to deal with certain,…
IoT Security – The Next Generation of Social Responsibility

IoT Security – The Next Generation of Social Responsibility

By Neil McLellan In response to recent events, the White House and the National Institute of Standards and Technology (NIST) have just released the much awaited and polished guidance around cyber security for the Internet of Things (IoT). Over the past several months, connected devices have been the focal point after several crippling attacks on various ISPs, known as distributed…
Prevent human error in security: Dave meet STIG, STIG meet Dave

Prevent human error in security: Dave meet STIG, STIG meet Dave

By Tim Radzykewycz Recently, I ran across a cartoon about software security by John Klossner.  It shows a boxing ring, with assorted security software in one corner, and in the other corner was a guy wearing a shirt labelled "Human Error."  I had seen this cartoon before.  But for some reason, it touched off a reaction this time. Credit: 2006…
Software Containment in VxWorks:  VxPOD – A Separation Alternative to Virtualization

Software Containment in VxWorks: VxPOD – A Separation Alternative to Virtualization

By Ka Kay Achacoso The challenge in hardware consolidation for real-time embedded systems is ensuring that sub-systems don’t interfere with each other.   To take advantage of the space and hardware cost reduction that comes with hardware consolidation, some systems use virtualization technology to separate sub-systems from each other.  With Virtualization, a hypervisor is run either on the hardware (Type 1…
When is an IoT Botnet not an IoT Botnet?

When is an IoT Botnet not an IoT Botnet?

By Mychal McCabe IoT botnets continue to make news, with new strains of malware infecting a range of internet-connected devices and then using those devices to participate in historically large distrubuted denial of service (DDoS) attacks. By some estimates the Mirai strain of malware has infected over one million devices since it emerged, with more to come following its release…
Immunization Against the IoT Zombie Horde

Immunization Against the IoT Zombie Horde

By Alex deVries and Tim Skutt IoT zombies are out there. There are a lot of them. We won’t be rid of them soon. They will be reaching out to your device, so it’s important to take steps now to immunize it so your device won’t suffer. In a previous blog, “IoT Zombies are Eating the Internet,” we dug into recent…
IoT Zombies are Eating the Internet

IoT Zombies are Eating the Internet

By Alex deVries and Tim Skutt Distributed denial of service (DDoS) attacks have always been a problem for popular hosted sites, but the ones from the last few weeks are different. The first one to make the news was Brian Krebs’ krebsonsecurity.com, one of the most comprehensive security news sites today. The DDoS attack was on the order of 620Gbps,…
Mitigating the IoT Attack Surface

Mitigating the IoT Attack Surface

By Neil McLellan  Modern day use cases for “IoT-like” applications date back to the earliest days of manned space flight for monitoring astronaut vital signs and shuttle telemetry – mission critical data points transmitted across a dedicated network. Beyond dedicated and specialized networks, technology once leveraging PSTN has now converged on the global IP network. The public internet has evolved…
Automotive networks can benefit from security layers

Automotive networks can benefit from security layers

By Tim Radzykewycz Last year, at the Black Hat conference in Las Vegas, Charlie Miller and Chris Valasek reported their security research on a Jeep Cherokee.  They were able to remotely break into the system and take control of steering, brakes, and other safety critical systems on the vehicle, as well as systems not normally considered safety critical such as…
From Mars to Earth, Wind River Is Applying Three Decades of Experience to Thwart Vehicle Hacking

From Mars to Earth, Wind River Is Applying Three Decades of Experience to Thwart Vehicle Hacking

By Marques McCammon Imagine you’re driving a two-ton SUV that’s traveling 70 miles-per-hour on the highway when suddenly, beyond your control, the air-conditioner fan starts blasting, the radio blares, windshield wipers whoosh back-and-forth and then the engine shuts down just as you approach a steep incline. That’s what happened last summer to Wired's Andy Greenberg when cyber security researchers remotely commandeered…