Security

130 articles
Mitigating the IoT Attack Surface

Mitigating the IoT Attack Surface

By Neil McLellan  Modern day use cases for “IoT-like” applications date back to the earliest days of manned space flight for monitoring astronaut vital signs and shuttle telemetry – mission critical data points transmitted across a dedicated network. Beyond dedicated and specialized networks, technology once leveraging PSTN has now converged on the global IP network. The public internet has evolved…
Automotive networks can benefit from security layers

Automotive networks can benefit from security layers

By Tim Radzykewycz Last year, at the Black Hat conference in Las Vegas, Charlie Miller and Chris Valasek reported their security research on a Jeep Cherokee.  They were able to remotely break into the system and take control of steering, brakes, and other safety critical systems on the vehicle, as well as systems not normally considered safety critical such as…
From Mars to Earth, Wind River Is Applying Three Decades of Experience to Thwart Vehicle Hacking

From Mars to Earth, Wind River Is Applying Three Decades of Experience to Thwart Vehicle Hacking

By Marques McCammon Imagine you’re driving a two-ton SUV that’s traveling 70 miles-per-hour on the highway when suddenly, beyond your control, the air-conditioner fan starts blasting, the radio blares, windshield wipers whoosh back-and-forth and then the engine shuts down just as you approach a steep incline. That’s what happened last summer to Wired's Andy Greenberg when cyber security researchers remotely commandeered…
The Role of System Updates in IoT

The Role of System Updates in IoT

By Tim Radzykewycz In the brave new world that the Internet of things (IoT) is shaping, operational technology (OT) and information technology (IT) are quickly converging. Up until now, IT was seen as defining a restricted range of technologies pertaining to information processing, mainly generating and communicating data. OT was the domain of machinery, mainly physical equipment that was doing…
Develop. Deploy. Defend.

Develop. Deploy. Defend.

By Davide Ricci The factory floor is geting a makeover with intelligent connected devices. The server room is no longer a stuffy place. A majority of enterprises are strategically on the Internet of Things (IoT) path, and the developer ecosystem is rapidly changing as well.  It seems we’re well on the way to reach industry forecast of 200 billion connected…
Sealing data with TPM on VxWorks

Sealing data with TPM on VxWorks

    By Ka Kay Achacoso VxWorks support for data protection makes use of the Trusted Platform Module (TPM), a secure cryptoprocessor used to establish root of trust in security systems.  TPMs can be used in several security processes, including local attestation and remote attestation.  This blog entry focuses on a different aspect:  using a TPM as a root of…
Aviation Electronics Europe 2016

Aviation Electronics Europe 2016

By Paul Parkinson Recently, I attended the Aviation Electronics Europe 2016 conference, which was held in Munich again after the successful conference in 2015. The theme of this year’s conference was ‘International Avionics Challenges – Integrating the Single Sky’, and there were a number of presentations about the advances in aeronautical communications, navigation and surveillance systems (CNS) to enable air…
Security Vulnerabilities with Fingerprinting: Linux Considerations

Security Vulnerabilities with Fingerprinting: Linux Considerations

By  Tim Radzykewycz Various tools, such as nmap, can be used to help determine what operating system a particular computer is running, based on the network responses it generates to crafted network probes. This is called “fingerprinting.” Fingerprinting is a security concern.  It doesn't make it possible to exploit anything that isn't already exploitable.  However, it significantly trims the search…
Are you DROWNing?

Are you DROWNing?

By Mark Hatle An attack on the SSLv2 protocol, was disclosed this week by security researchers. Visit https://drownattack.com if you want to get straight to the scoop. This is yet another in a long string of attacks on the SSLv2 protocol, including the well publicized Heartbleed issue from a few years ago. This protocol was considered to be so insecure…
What is CVE-2015-7547?

What is CVE-2015-7547?

By Andreea Volosincu Some of the uncovered common vulnerabilities capture the world’s attention to the point of being attributed a nickname (e.g. heartbleed). Others are fixed and get popular just in engineering circles. CVE-2015-7547 is one for engineers to know about. The latest reported common vulnerability has not received a nickname, but this is not to say CVE-2015-7547 isn’t important. Exploring…