Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

Nike publishes open source code to GitHub

An athletic retail shoe manufacturer is publishing its home-brewed open source code to GitHub. Nike, best known for its athletic wear, has been quietly hiring engineers. According to TechCrunch, Nike has 10 iPhone apps and two iPad apps on the App Store. Nike also has an entire website dedicated to developer APIs for Nike Fuel. […]

Posted in Open Source Security

Will open source drive the future of connected cars?

Currently, software in automobiles is at best a Tower of Babel, with different suppliers providing their own software and no underlying system to unify them. That may change—and soon—as some vendors are moving toward open source Linux as a solution. Automotive Grade Linux is an initiative of mostly Japanese OEMs such as Mazda, Toyota, Nissan, […]

Posted in Automotive Security, Open Source Security, Security Standards and Compliance

Board rooms uncomfortable with software risks

A recent panel discussion hosted by a computer analysis firm has concluded that compliance officers lack technical expertise and clear ownership of the technologies involved. According to the Wall Street Journal, Paul Nielsen, chief executive of the Software Engineering Institute at Carnegie Mellon University, said because so many executives are uncomfortable with technology they try […]

Posted in Software Architecture and Design

NHTSA investigates Tesla after first autopilot death

In May, a Tesla Model S driver using autopilot was killed when a tractor trailer drove across the highway perpendicular to the vehicle. The accident on May 7 in Williston, Florida, was the first known death as the result of using autopilot for automobile technology. The National Highway Traffic Safety Agency (NHTSA) said the death […]

Posted in Automotive Security

Supply chain firmware flaw may have helped botnet spawn

Flaws in firmware commonly used by Closed Circuit TV (CCTV) devices worldwide have been exploited to create a powerful IoT-based botnet, according to one security firm. On Monday, Sucuri published a blog about a customer, a small jewelry shop, that was seeing a large amount of network traffic through its CCTV cameras. Investigating further, the […]

Posted in Internet of Things

Vulnerabilities hit anti-malware software solutions

A Google researcher has disclosed a number of very serious vulnerabilities in Symantec and Norton anti-malware products. “These vulnerabilities are as bad as it gets,” wrote Google’s Project Zero researcher Tavis Ormandy. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain […]

Posted in Software Architecture and Design

Feds consider a ‘hack the FDA’ bug bounty program

Coming on the heels of a successful “Hack the Pentagon” bug bounty program, in which one 18-year-old received a $1K prize, the U.S. Federal Government is considering a similar program for healthcare. Last Thursday, Lucia Savage, chief privacy officer at HHS’s Office of the National Coordinator for Health Information Technology, said that the practice […]

Posted in Medical Device Security

Old malware creates new headaches for healthcare IT

A new study finds that old malware is actively being exploited in healthcare environments. On Monday, TrapX, a deceptive technology startup, released a report on Medical Device Hijack, or Medjack, entitled Anatomy of an Attack – Medical Device Hijack 2. The report, which updates a similar report from last year, is based on attacks […]

Posted in Medical Device Security

Why patching core open source libraries is only half the battle

On Tuesday, Talos, a division of Cisco, warned against three critical memory-related vulnerabilities that remain exploitable even after patching an open source component. Up to 90 percent of software today consists of third-party components. Admins today must also ensure that third-party software running the library is fixed. In other words, what are the […]

Posted in Open Source Security, Software Architecture and Design

Lexus infotainment systems go dark after software glitch

Toyota confirmed on Thursday that infotainment and navigation systems on some Lexus models have shut down due to a software glitch. An automatic software update was sent to 2014 to 2016 Lexus vehicles equipped with a specific generation “Enform” system with navigation. Toyota said owners experiencing the loss of infotainment and navigation should visit their dealer […]

Posted in Automotive Security, Internet of Things