Saturday, 3 January 2015

Internet of things - Security Threats Emerge




That said, two-thirds of respondents are concerned about privacy. In fact, across age, gender and income, 66 percent of survey respondents express concern about privacy. Researchers say this finding highlights the need for industry participants to mitigate privacy and security concerns to drive the industry forward.

"Data security and identity protection are clearly top of mind for consumers looking at IoT products and services," said Jack Ogawa, Director of Marketing for NXP Semiconductors. "The developing IoT industry has an opportunity to utilize state of the art software and semiconductor technology to set the standard for secure connections, both in the Cloud and in the connected IoT products themselves."

Adam Kujawa, head of malware intelligence at anti-malware and Internet security software firm Malwarebytes, says we'll see the first major IoT attack in 2015.

Heartbleed still active as taxpayers get personal information stolen from government-run website



The Heartbleed bug remained a concern for the federal government three months after it was supposed to have been patched to protect taxpayers’ personal information, according to an internal government report.

Heartbleed forced the Canada Revenue Agency to shut down its online services at the height of tax season and publicly admit that it had lost the personal information on 900 taxpayers. A London, Ontario man is facing multiple charges in relation to the incident.

A government report penned in July reviewing the lessons learned from Heartbleed provides a detailed timeline of events, showing how quickly and how many people across government were brought in to mitigate the damage Heartbleed caused — and continued to cause even in July.

http://ottawacitizen.com/news/national/heartbleed-report-canada-government

Windows 8.1 - vulnerability remains unpatched for months!


A security researcher at Google has published details of an as-yet unpatched vulnerability in Windows 8.1, three months after reporting the problem to Microsoft.

Google's Security Research arm practices responsible disclosure, meaning that newly-discovered vulnerabilities are communicated in private to the maintainers of the affected software. The maintainers are then given a chance to investigate the issue and publish a patch to resolve the problem before the flaw is communicated to the general public - helping to prevent 'zero-day' scenarios where a widespread vulnerability becomes public knowledge before protections against its exploitation can be put in place.

Thursday, 1 January 2015

Start 2015 off with security in mind - so stop using PHP


With a string of SSL issues behind us in 2014 (Heartbleed, POODLE, BEAST), maybe 2015 should be the year of increased security. First off: PHP.

More than 78 per cent of all PHP installations are running with at least one known security vulnerability, a researcher has found.

Google developer advocate Anthony Ferrara reached this unpleasant conclusion by correlating statistics from web survey site W3Techs with lists of known vulnerabilities in various versions of PHP.


What he found is that many, many PHP-powered websites are using insecure versions of the interpreter – so much so that it's actually easier to find an insecure PHP setup on the internet than a secure one.

"This is absolutely and unequivocally pathetic," Ferrara wrote.

More: http://www.theregister.co.uk/2014/12/31/want_to_have_your_server_pwned_easy_run_php/