Thursday, March 16, 2017

Who's Getting Hacked?




Forrest Carman from Owen Media passed along something fun I think might interest you. IT training company CBT Nuggets just analyzed the responses of over 2000 survey respondents, testing knowledge about online security.

Some interesting results:

  • Apple users are 22% more likely to be victims of online identity theft than Windows users.
  • People who identify as “tech savvy” are 18% more likely to be victims of online identity theft than those who don’t.
  • Those who have PhDs are more likely to be victims of online identity theft than high school graduates.
  • Millennials are less likely than their older counterparts to have secure information stolen online, although this may be because they haven’t risked having their personal information compromised for as long as the other age groups.

Monday, March 13, 2017

96 Percent of IT Security Professionals Expect an Increase in Cybersecurity Attacks on Industrial Internet of Things



Study reveals most organizations take additional precautions to secure IIoT

Portland, Ore. – March 13, 2017 – Tripwire, Inc. today announced the results of a study conducted in partnership with Dimensional Research. The study looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017.  

IIoT are the connected devices in critical infrastructure segments such as energy, utilities, government, healthcare and finance. Tripwire’s study revealed that:
  • Ninety-six percent of those surveyed expect to see an increase in security attacks on IIoT in 2017.
  • Fifty-one percent said they do not feel prepared for security attacks that abuse, exploit or maliciously leverage insecure IIoT devices.
  • Sixty-four percent said they already recognize the need to protect against IIoT attacks, as they continue to gain popularity among hackers.

“Industry professionals know that the Industrial Internet of Things security is a problem today. More than half of the respondents said they don’t feel prepared to detect and stop cyber attacks against IIoT,” said said David Meltzer, chief technology officer at Tripwire. “There are only two ways this scenario plays out: Either we change our level of preparation or we experience the realization of these risks. The reality is that cyber attacks in the industrial space can have significant consequences in terms of safety and the availability of critical operations.” 

“As Industrial companies pursue IIoT, it’s important to understand the new threats that can impact critical operations. Greater connectivity with operational technology (OT) exposes operational teams to the types of attacks that IT teams are used to seeing, but with even higher stakes,” said Robert Westervelt, security research manager at IDC.  “The concern for a cyber attack is no longer focused on loss of data, but safety and availability. Consider an energy utility as an example - cyber attacks could disrupt power supply for communities and potentially have impact to life and safety.”

The study’s respondents were also asked how they expect their organizations’ deployment of IIoT devices to change, and how it will affect their level of vulnerability. Tripwire found that: 

  • Ninety percent expect IIoT deployment to increase.
  • Ninety-four percent expect IIoT to increase risk and vulnerability in their organizations.
  • When respondents were broken down by company size, both larger companies (96 percent) and smaller companies (93 percent) expect a significant increase in risk caused by the use of IIoT.

Meltzer continued, “The Industrial Internet of Things ultimately delivers value to organizations, and that’s why we’re seeing an increase in deployments. Security can’t be an industry of ‘no’ in the face of innovation, and businesses can’t be effective without addressing risks. The apparent contradiction of known risks and continued deployment demonstrates that security and operations need to coordinate on these issues. While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organizations don’t need to find new security controls, rather they need to figure out how to apply security best practices in new environments.”

Exploring Mobile Authentication Mechanisms from Personal Identification Numbers to Biometrics

This chapter from Protecting Mobile Networks and Devices highlights the strength and the weakness of the current authentication schemes, from the simpler ones such as personal identification number to the more complex biometric systems such as fingerprints. The authors evaluate the usability of these schemes for the user based on both existing and new criteria.

Tuesday, March 7, 2017

"Totalitarianism starts when the difference between your public life and your private life is effaced."

In NPR's interview with historian Timothy Snyder about his new book, "On Tyranny: Twenty Lessons from the Twentieth Century," he said, "Totalitarianism starts when the difference between your public life and your private life is effaced. If we can't have exchanges with our friends and family, with loved ones that won't at some point be made public then we can't have private lives. And if we can't have private lives then we're not really free people."

We saw during the recent election how selective leaks helped defeat Clinton, and yes, they were an invasion of privacy. As a nation, we still have an expectation of privacy, although we should know by now it's a delusion. Still, we need to maintain a private life.

A few year ago we published Kun Peng's "Anonymous Communication Networks: Protecting Privacy on the Web." She starts with the statement that "Anonymity is a fundamental right of a democratic society." She then discusses how that right is violated, frequently with our agreement and help. Most of the book is technical, including this explanation of onion routing. For the rest of us, she provides a chapter on how to use practical systems to achieve anonymity, including how to download, install, and configure them. These systems are Tor, I2P, JAP/JonDo, and QuickSilver.

Look, it won't be long before some Trump youth group starts to rat out their parents, siblings, relatives and friends. It's time to take some action toward personal privacy. I know no one will dump their apps and social media PII syphons, but at least take a little to preserve some privacy.

LINKS

NPR's Robert Siegel talks with historian Timothy Snyder about his new book, "On Tyranny: Twenty Lessons from the Twentieth Century"
http://www.npr.org/2017/03/06/518858371/on-tyranny-explores-new-threats-facing-american-political-system

Buy "On Tyranny: Twenty Lessons from the Twentieth Century" at http://www.barnesandnoble.com/w/on-tyranny-timothy-snyder/1125454355?ean=9780804190114. It's only $7.99!

Buy "Anonymous Communication Networks: Protecting Privacy on the Web" at https://www.crcpress.com/9781439881576

Read Onion Routing at http://www.ittoday.info/Excerpts/Onion-Routing.pdf

Mobile Dev + Test and IoT Dev + Test Conferences



The popular, collocated Mobile Dev + Test and IoT Dev + Test conferences are back at the beautiful Westin San Diego, April 24–28, 2017. Mobile Dev + Test offers the latest tips, tricks, tools, and in-depth learning opportunities for mobile software developers as well as testers. Meanwhile if you're new or experienced in the world of IoT (Internet of Things), IoT Dev + Test will offer the latest in IoT development, testing, design, emerging technologies, tools, and leadership principles from leaders who deliver inspiring keynote presentations, in-depth tutorials, and a wide range of conference sessions. Join TechWell for a week packed with hands-on learning, networking, and fun.

Explore all of this and more:
   Pre-conference training classes
   In-depth half- and full-day tutorials
   Keynotes featuring industry thought-leaders
   Concurrent sessions covering hot topics and solutions
   The Expo, bringing you the latest in software solutions
   Networking events: receptions, breakfasts, breaks, and lunches included
Topics include Mobile Testing, Android, iOS, Mobile and IoT Test Automation, IoT Testing, UX, and more!

Register for the Mobile Dev + Testconference and receive full access to the IoT Dev + Test conference. Use promo code MDCM and save up to $200 off, plus when register by March 24 you can save up to an additional $200 with Early Bird Pricing, that is a combined savings of up to $400!