Security

162 articles
Are you DROWNing?

By Mark Hatle An attack on the SSLv2 protocol was disclosed this week by security researchers. Visit https://drownattack.com if you want to get straight to the scoop. This is yet another in a long string of attacks on the SSLv2 protocol, including the well-publicized Heartbleed issue from a few years ago. This protocol was considered to be so insecure…
What is CVE-2015-7547?

By Andreea Volosincu Some of the uncovered common vulnerabilities capture the world’s attention to the point of being attributed a nickname (e.g. heartbleed). Others are fixed and get popular just in engineering circles. CVE-2015-7547 is one for engineers to know about. The latest reported common vulnerability has not received a nickname, but this is not to say CVE-2015-7547 isn’t important. Exploring…
2nd International Workshop on MILS

By Paul Parkinson Earlier this week, I had the opportunity to attend the 2nd International Workshop on MILS: Architecture and Assurance for Secure Systems in Prague, which was organised by the EURO-MILS consortium, and was co-hosted with the HiPEAC 2016 conference on computing architecture, programming models, compilers and operating systems for embedded and general-purpose architecture. I was very interested to…
Wind River VxWorks: Update/Clarification

By Dinyar Dastoor Wind River’s flagship VxWorks product is a leading real-time embedded operating system (RTOS) used widely in devices around the world for the last 25 years.  Recently at a conference in London, a researcher presented a paper on a potential device vulnerability found in VxWorks.  The potential vulnerability is present when, and only when, the optional RPC (Remote…
Whitelisting as a key weapon in the battle for embedded device security

By Ido Sarig If you are an embedded software developer involved in IoT projects, you’ve no doubt read the recent warning issued by the Federal Trade Commission about cybersecurity risks associated with the hyper growth of smart devices being connected to the internet. Indeed, you have to be living on another planet if you have not heard about the security…
Securing Critical Infrastructure…How Can Technology Help?

By Victor Abelairas On Thursday, the head of the National Security Agency told a Congressional panel that China and a few other countries (as well as criminal organizations acting on behalf of those nations) have the capacity to shut down the nation’s power grid and other critical infrastructure.  With a discernable rise in the number of vulnerabilities per year over…
Hackers, Crackers, and Pirates: How to Protect Embedded Devices in the Internet of Things

By Daniela Previtali/Wibu-Systems and Emeka Nwafor & Michael Weinstein/Wind River As devices and technologies continue to evolve and become more intertwined and connected, the embedded market is experiencing a rebirth. The Internet of Things (IoT) is transforming production facilities into smart factories, energy transmission and distribution systems into smart grids, and homes and offices into smart buildings. This shift, in turn,…
Is the Internet our best metaphor for the IoT?

By Mychal McCabe Last week Dave Evans (@DaveTheFuturist) tweeted about a search engine for the Internet of Things called Thingful.  In the interview that Dave referenced, there's discussion of how to build a search engine for connected devices at scale, and whether or not crawling is the right model to apply to the findability challenges and opportunities of the emerging IoT. That same…
No Need to Bleed for Security!

By Andreea Volosincu Who doesn’t love a great nickname? Earlier this month, security experts discovered a very serious bug in OpenSSL. And by “discovered” I mean “noticed.” Apparently the bug had been in OpenSSL for 2+ years but only publicly announced now. Following this discovery, two things happened: 1) security gurus were abuzz with worry, and 2)  the public immediately…
Observations from RSA 2014

By Jeff Gowan We are now back home after a great week at the RSA Conference across the bay in San Francisco.  We had some great client meetings and enjoyed catching up with our friends in the industry. Here are a few observations and notes we’d like to share: The event doubled the size of the location from last year…