During the last three years, the security research community has been having a lot of fun with SSL/TLS uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details about the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a brief overview of the attack at the following blog post:
In 2012, again at the ekoparty Security Conference in Buenos Aires, Rizzo and Duong revealed a compression side-channel attack against HTTPS called CRIME. This year at Black Hat USA, Angelo Prado, Neal Harris, and Yoel Gluck uncovered a new attack and a tool they called BREACH, which is based on some of the previous research by the folks behind CRIME.
Read More »
Tags: Black Hat 2013, Black Hat USA, security, SSL
With the emergence of the Internet of Things (IoT), technology has become an integral part of our daily lives and promises to become even more prevalent in the near future. While this is normally a good thing – making our lives easier and more comfortable, any technology can be just as easily turned against us if it hasn’t been properly secured. In fact, there seems to be a direct correlation between the value of a connected object in our daily lives and the degree of pain inflicted if that object falls prey to hackers. Two recent articles in well-known publications highlight this fact.
Because IoT puts technology closer to home than ever before, much more is at stake than with prior networks. As a result, the need for proper security can’t be emphasized enough.
Read the full Hacking Made Easy – Courtesy of IoT blog to learn more and to and gain access to the two articles.
Tags: Internet of Everything, internet of things, IoE, IoT, security
In June, I attended the Gartner Security Summit in Washington, D.C. where I was asked by quite a few security executives, “My network folks just bought ISE, but what is ISE and what type of security does it provide?” Fast forward to July, and I wish I had this SANS review on ISE to offer a month earlier. (SANS, as many security professionals know, is a highly regarded organization on IT security and cyber security.) Read More »
Tags: blackhat, context awareness, cyber security, ESG, Gartner, Intelligence, ISE, Network World, SANS, secure access, security, threats
An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive in my pocket would cost in excess of US$1,000,000, with possibly a price premium for small size and portability. In fact, it cost me about US$10, evidence of the continuing drop in the price of electronic storage media in terms of price by stored byte. The amount of storage that can be acquired for a given cost has roughly doubled every 14 months since 1980 . There is nothing to suggest that this trend won’t continue for the foreseeable future. We can look forward to larger and larger data storage devices at cheaper cost. But what are the implications of this trend for security professionals? Read More »
Tags: data storage, data theft, protecting_customer_data, security, TRAC
Next in this 9 HIPAA Network Considerations blog series, I cover the third network consideration focusing on knowing where your PHI is. Remember, the HIPAA Omnibus Rule was released January 23, 2013, became effective March 26, 2013 with compliance to the updates se for September 23, 2013. Audits will also start up again for covered entities and business associates in late 2013 or early 2014.
Read More »
Tags: byod, healthcare, HIPAA, PCI Compliance, privacy, security