Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

 

Podcast: The good and the bad of Heartbleed, Part 2

Two years after the vulnerability in OpenSSL known as Heartbleed, there remain valuable lessons still to be learned, both about how vulnerabilities are discovered and how the security community should respond. This week my guest is Billy Rios, founder of WhiteScope, an embedded security company, with part two of our discussion around Heartbleed, two years […]

Posted in Open Source Security, Software Architecture and Design

 

Russian bug bounty program to target government software

In a bid to harden government software in Russia, the government is discussing a possible bug bounty program. Deputy Communications Minister Aleksei Sokolov said the Russian government is considering what would be one of the first government-run bug bounties. The program would first apply to government-approved software and might expand beyond that. The Russian news […]

Posted in Government Security, Software Architecture and Design

 

Mozilla Funds Effort to Find Next Heartbleed

A new program, Secure Open Source, aims to discover and remediate serious vulnerabilities in common open source software. In a blog post on Thursday, Mozilla’s Chris Riley said, “From Google and Microsoft to the United Nations, open source code is now tightly woven into the fabric of the software that powers the world. Indeed, much […]

Posted in Open Source Security, Software Architecture and Design

 

Symantec announces anomaly detection for automotive

Maybe you’re not yet worried about a remote hacker disabling the brakes on your car, but anti-virus vendor Symantec has produced an anomaly detection system for automobiles that doesn’t require OEMs to install new hardware and claims to identify zero-day attacks. Symantec’s Anomaly Detection for Automotive is a software-based solution, which the company says learns […]

Posted in Automotive Security

 

Podcast: Billy Rios on the good and the bad of Heartbleed, Part 1

Two years after its disclosure, the vulnerability in OpenSSL known as Heartbleed remains significant. There are valuable lessons still to be learned both about how the vulnerability was initially discovered and how the security community has responded over time. This week my guest is Billy Rios, founder of WhiteScope, an embedded security company. In April […]

Posted in Fuzz Testing, Internet of Things, Open Source Security

 

Researcher finds Mitsubishi Outlander can be remotely hacked

In response to new research, Mitsubishi is recommending that owners of its European Outlander model turn off the Wi-Fi system while it investigates potential vulnerabilities. On Monday, the BBC reported that security researcher Ken Munro found that the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) supported its own web server. He noticed one […]

Posted in Automotive Security

 

Irongate attacks ICS Siemens Step 7 PLCs—Similar to Stuxnet

Borrowing from Stuxnet, a new family of ICS-focused malware, dubbed Irongate, interferes with industrial processes running within a simulated Siemens control system environment. Back in 2010, researchers found a sophisticated piece of malware called Stuxnet […]

Posted in Critical Infrastructure Security

 

How distributed weakness filing system might assist MITRE’s CVEs

Complaints about the current Common Vulnerability Enumeration (CVE) from the MITRE organization have advanced a new community-powered Distributed Weakness Filing system (DWF). MITRE-controlled CVEs, used to assign specific numbers to each new disclosed vulnerability, have been used in the infosec community for the last few years but concerns around backlogs spilled over at last week’s […]

Posted in Software Architecture and Design

 

Tesla pushing out “inert” software updates

Tesla owners are passively participating in a beta test of new self-driving software from the manufacturer. Speaking at an MIT Technology event in San Francisco on Tuesday, Sterling Anderson, director of Tesla’s Autopilot program, said his company is pushing out “inert” software updates designed to shadow the drivers on the road today. “We […]

Posted in Automotive Security

 

Maritime vessels new targets for cyber attacks

New research suggests that maritime vessels are under significant threat of cyber-attack because they were not designed with cyber security in mind and carry outdated software. In a research paper published in Engineering and Technology Reference, researchers from Plymouth University’s Maritime Cyber Threats Research Group suggest that cyber attacks would most likely target systems […]

Posted in Critical Infrastructure Security