Security

127 articles
The Role of System Updates in IoT

The Role of System Updates in IoT

By Tim Radzykewycz In the brave new world that the Internet of things (IoT) is shaping, operational technology (OT) and information technology (IT) are quickly converging. Up until now, IT was seen as defining a restricted range of technologies pertaining to information processing, mainly generating and communicating data. OT was the domain of machinery, mainly physical equipment that was doing…
Develop. Deploy. Defend.

Develop. Deploy. Defend.

By Davide Ricci The factory floor is geting a makeover with intelligent connected devices. The server room is no longer a stuffy place. A majority of enterprises are strategically on the Internet of Things (IoT) path, and the developer ecosystem is rapidly changing as well.  It seems we’re well on the way to reach industry forecast of 200 billion connected…
Sealing data with TPM on VxWorks

Sealing data with TPM on VxWorks

    By Ka Kay Achacoso VxWorks support for data protection makes use of the Trusted Platform Module (TPM), a secure cryptoprocessor used to establish root of trust in security systems.  TPMs can be used in several security processes, including local attestation and remote attestation.  This blog entry focuses on a different aspect:  using a TPM as a root of…
Aviation Electronics Europe 2016

Aviation Electronics Europe 2016

By Paul Parkinson Recently, I attended the Aviation Electronics Europe 2016 conference, which was held in Munich again after the successful conference in 2015. The theme of this year’s conference was ‘International Avionics Challenges – Integrating the Single Sky’, and there were a number of presentations about the advances in aeronautical communications, navigation and surveillance systems (CNS) to enable air…
Security Vulnerabilities with Fingerprinting: Linux Considerations

Security Vulnerabilities with Fingerprinting: Linux Considerations

By  Tim Radzykewycz Various tools, such as nmap, can be used to help determine what operating system a particular computer is running, based on the network responses it generates to crafted network probes. This is called “fingerprinting.” Fingerprinting is a security concern.  It doesn't make it possible to exploit anything that isn't already exploitable.  However, it significantly trims the search…
Are you DROWNing?

Are you DROWNing?

By Mark Hatle An attack on the SSLv2 protocol, was disclosed this week by security researchers. Visit https://drownattack.com if you want to get straight to the scoop. This is yet another in a long string of attacks on the SSLv2 protocol, including the well publicized Heartbleed issue from a few years ago. This protocol was considered to be so insecure…
What is CVE-2015-7547?

What is CVE-2015-7547?

By Andreea Volosincu Some of the uncovered common vulnerabilities capture the world’s attention to the point of being attributed a nickname (e.g. heartbleed). Others are fixed and get popular just in engineering circles. CVE-2015-7547 is one for engineers to know about. The latest reported common vulnerability has not received a nickname, but this is not to say CVE-2015-7547 isn’t important. Exploring…
2nd International Workshop on MILS

2nd International Workshop on MILS

By Paul Parkinson Earlier this week, I had the opportunity to attend the 2nd International Workshop on MILS: Architecture and Assurance for Secure Systems in Prague, which was organised by the EURO-MILS consortium​, and was co-hosted with the HiPEAC 2016 conference​​ on computing architecture, programming models, compilers and operating systems for embedded and general-purpose architecture. I was very interested to…
Wind River VxWorks: Update/Clarification

Wind River VxWorks: Update/Clarification

By Dinyar Dastoor Wind River’s flagship VxWorks product is a leading real-time embedded operating system (RTOS) used widely in devices around the world for the last 25 years.  Recently at a conference in London, a researcher presented a paper on a potential device vulnerability found in VxWorks.  The potential vulnerability is present when, and only when, the optional RPC (Remote…
Whitelisting as a key weapon in the battle for embedded device security

Whitelisting as a key weapon in the battle for embedded device security

By Ido Sarig If you are an embedded software developer involved IoT projects , you’ve no doubt read the recent warning issued by the Federal Trade Commission  about cybersecurity risks associated with the hyper growth of smart devices being connected to the internet. Indeed, you have to be living on another planet if you have not heard about the security…