Software Integrity Blog

Author Archive

Robert Vamosi

robertvamosi


Posts by Robert Vamosi:

 

DEF CON 25 exposes voting system vulnerabilities

It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from a previous election, exposing another issue: how to delete old data.

Continue Reading...

Posted in Data Breach, General | Comments Off on DEF CON 25 exposes voting system vulnerabilities

 

How will new IoT legislation strengthen the future of cyber security?

The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 aims to mitigate risks and increase security in IoT products. Does it stand a chance?

Continue Reading...

Posted in Internet of Things | Comments Off on How will new IoT legislation strengthen the future of cyber security?

 

What is the state of fuzz testing in 2017?

In a new report, Synopsys examines new insights into areas of software development where further testing remains. By analyzing over 4.8 billion protocol-based tests, the Synopsys State of Fuzzing 2017 report qualifies the relative levels of maturity in terms of quality and security across more than 250 protocols found in industry verticals such as industrial control systems, medical, financial, government, and the Internet of Things (IoT). Check out the State of Fuzzing 2017 report to get all the findings.

Continue Reading...

Posted in Fuzz Testing | Comments Off on What is the state of fuzz testing in 2017?

 

Are there ever legitimate reasons for hacking a car?

Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.

Continue Reading...

Posted in Automotive Security | Comments Off on Are there ever legitimate reasons for hacking a car?

 

Black Hat USA and DEF CON 2017: And that’s a wrap!

Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two conference represent the largest annual gathering of InfoSec experts in the world.

Continue Reading...

Posted in Fuzz Testing, Internet of Things | Comments Off on Black Hat USA and DEF CON 2017: And that’s a wrap!

 

What Dark Web failures can teach us about security at Black Hat and DEF CON

Last week, authorities in multiple countries served warrants to take down a Dark Web site generating a reported $600,000-$800,000 a day in sales of illegal drugs and other products. The clue that led authorities to the real-world admin behind the site was a personal email address used in the site’s early days. It provided a tangible link between the virtual world and the physical world. And, it underscored the many difficulties in truly masking one’s identity online.

Continue Reading...

Posted in General | Comments Off on What Dark Web failures can teach us about security at Black Hat and DEF CON

 

Devil’s Ivy security vulnerability leaves IoT devices at risk

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other Internet of Things devices) at risk. But Devil’s Ivy and other such flaws can be avoided with effective software supply chain management.

Continue Reading...

Posted in Internet of Things, Software Composition Analysis | Comments Off on Devil’s Ivy security vulnerability leaves IoT devices at risk

 

Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?

This week’s malware outbreak that removed computer data capabilities from large enterprises worldwide is now thought to have been designed to damage, not to earn profit. Therefore, it only masquerades as traditional ransomware. First seen on Tuesday, NotPetya/Petya is like last month’s WannaCry in that it displayed a ransom request of $300 in Bitcoin on compromised machines. However, this time the attacks were not widespread nor intended for individual machines. They were targeted at faulty enterprise networks and the data was generally not recoverable.

Continue Reading...

Posted in Data Breach | Comments Off on Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?

 

PetrWrap/Petya ransomware spreading globally: Here’s what you need to know

Unlike WannaCry, PetrWrap/Petya ransomware is a virus, spread by spam campaigns using malicious Microsoft Word documents, so it cannot spread itself.

Continue Reading...

Posted in General | Comments Off on PetrWrap/Petya ransomware spreading globally: Here’s what you need to know

 

How will the EU’s GDPR set a higher data security standard?

By mid-2018, global organizations doing business in Europe will need to comply with a new data security regulation known as the General Data Protection Regulation (GDPR). In light of recent high-profile data breaches, the GDPR is a much-needed revision of the EU’s 1995 Data Protection Directive 95/46/EC. It establishes new best practices for organizations doing business in the EU.

Continue Reading...

Posted in Data Breach, Security Standards and Compliance | Comments Off on How will the EU’s GDPR set a higher data security standard?