Security Roundup - 2016-01-15
Lots of news over the week, so I thought I would do a pre-weekend digest.
More and more hardware vulnerability stories:
Maybe we should score some companies based on the security of their products? Or at least notify our customers who we know use these products when these things are released?
I mean, seriously, if someone ships a product that turned out to contain a security vulnerability, it makes sense that their security score should be kinda low, right? Especially if it is a security product like a password manager.
At least Cisco found these themselves, having launched a code review in the wake of Juniper.
“Researchers with Rapid 7 pointed out in early December that EKI-1322 was still vulnerable to Shellshock and Heartbleed, bugs that affected machines running Bash, and OpenSSL respectively, in 2014.”
Almost missed this article from November. Hackers stealing data through medical devices! Hospital system honeypots! Hacking devices to do lethal things!
And an assortment of other news:
“As Ajay Arora, CEO of file security company Vera, notes, there is no perimeter anymore.”
From compute-hard passwords to memory-hard passwords.
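The difference in practice, as an added example that is not from the linked article: a compute-hard KDF such as PBKDF2 can be tuned only by adding iterations, which a GPU or ASIC parallelizes cheaply, whereas a memory-hard KDF such as scrypt forces every guess to touch roughly 128 * N * r bytes of RAM. The work factors, the record format and the sample password below are all constructed for illustration; the code uses Python's standard `hashlib.pbkdf2_hmac` and `hashlib.scrypt` and nothing else.

```python
import hashlib
import hmac
import os

# Work factors chosen for this example (assumptions, not values from the
# linked article). scrypt memory use is about 128 * N * r bytes, so
# N = 2**14, r = 8 costs roughly 16 MiB per guess.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
PBKDF2_ROUNDS = 100_000
SALT_LEN = 16
KEY_LEN = 32


def scrypt_memory_bytes(n: int = SCRYPT_N, r: int = SCRYPT_R) -> int:
    """Approximate RAM one scrypt evaluation must touch: 128 * N * r bytes."""
    return 128 * n * r


def hash_pbkdf2(password: str, salt: bytes) -> bytes:
    # Compute-hard: cost scales with iteration count, memory stays tiny,
    # so many guesses fit on one GPU at once.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ROUNDS, dklen=KEY_LEN)


def hash_scrypt(password: str, salt: bytes,
                n: int = SCRYPT_N, r: int = SCRYPT_R, p: int = SCRYPT_P) -> bytes:
    # Memory-hard: each guess needs its own ~128*N*r byte working set,
    # which limits how many guesses a GPU can run in parallel.
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=2 * scrypt_memory_bytes(n, r), dklen=KEY_LEN)


def make_record(password: str) -> str:
    """Store the parameters beside the hash so they can be raised later
    without breaking verification of older records."""
    salt = os.urandom(SALT_LEN)
    digest = hash_scrypt(password, salt)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), digest.hex()])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    scheme, n, r, p, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = hash_scrypt(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")  # constructed sample
    print("scrypt working set per guess:", scrypt_memory_bytes() // (1024 * 1024), "MiB")
    print("verify correct:", verify_password("correct horse battery staple", rec))
    print("verify wrong:  ", verify_password("wrong password", rec))
```

Storing N, r and p in the record is what lets you raise the memory cost on the next login rather than forcing a reset for every user.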
Interesting article on how one organization audits their SSH usage.
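A minimal version of that kind of audit, added here as an example and not taken from the linked article or its organization: parse OpenSSH `Accepted`/`Failed` lines out of an auth log, count logins per method and per user, and flag what a keys-only, no-direct-root policy would want a human to look at. The log lines, host name, addresses and the three policy knobs are all constructed for this example.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed sshd syslog lines for illustration; not from any real host.
SAMPLE_LOG = """\
Jan 15 10:01:22 bastion sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: RSA SHA256:AAAA
Jan 15 10:02:10 bastion sshd[1240]: Accepted password for bob from 10.0.0.9 port 51300 ssh2
Jan 15 10:03:01 bastion sshd[1250]: Failed password for invalid user admin from 203.0.113.7 port 4444 ssh2
Jan 15 10:03:02 bastion sshd[1251]: Failed password for invalid user oracle from 203.0.113.7 port 4445 ssh2
Jan 15 10:03:03 bastion sshd[1252]: Failed password for root from 203.0.113.7 port 4446 ssh2
Jan 15 10:04:00 bastion sshd[1260]: Accepted publickey for root from 10.0.0.5 port 51240 ssh2: ED25519 SHA256:BBBB
Jan 15 10:05:00 bastion sshd[1270]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""

# Matches the standard OpenSSH authentication result lines; "invalid user"
# is optional because sshd adds it when the account does not exist.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

FAIL_THRESHOLD = 3  # policy value assumed for this example


@dataclass
class SshAudit:
    accepted_by_method: Counter = field(default_factory=Counter)
    logins_by_user: dict = field(default_factory=lambda: defaultdict(list))
    failures_by_src: Counter = field(default_factory=Counter)
    findings: list = field(default_factory=list)


def parse_login_events(text: str) -> list:
    """Return one dict per Accepted/Failed line; other sshd lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def audit(text: str, key_only: bool = True, allow_root: bool = False,
          fail_threshold: int = FAIL_THRESHOLD) -> SshAudit:
    """Summarize logins and list policy deviations worth a human's attention."""
    report = SshAudit()
    for ev in parse_login_events(text):
        if ev["result"] == "Accepted":
            report.accepted_by_method[ev["method"]] += 1
            report.logins_by_user[ev["user"]].append(ev["src"])
            if key_only and ev["method"] != "publickey":
                report.findings.append(
                    f"{ev['user']} logged in with {ev['method']} from {ev['src']}")
            if not allow_root and ev["user"] == "root":
                report.findings.append(f"direct root login from {ev['src']}")
        else:
            report.failures_by_src[ev["src"]] += 1
    # Repeated failures from one source are reported once, after the pass.
    for src, count in report.failures_by_src.items():
        if count >= fail_threshold:
            report.findings.append(f"{count} failed logins from {src}")
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    print("accepted by method:", dict(result.accepted_by_method))
    print("logins by user:", dict(result.logins_by_user))
    for finding in result.findings:
        print("FINDING:", finding)
```

Running it against a real auth log is a matter of reading the file instead of `SAMPLE_LOG`; the useful part is that the policy (keys only, no direct root, failure threshold) is explicit in the call rather than buried in grep pipelines.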
A tale of white hat turning black hat. Hackers being hacked. Monitoring for vulnerabilities based on coding style/reuse.
How one con divined the existence of the Stingray.
Using a combination of biometrics (the way you walk, your keystroke patterns, your speech patterns, your face, etc.) to build a ‘trust score’ that unlocks your device. I'm unsure what happens if you totally throw off one of those algorithms by breaking your leg or something. And, I mean, something is going to be storing all that data.