Black Hat 2016, Las Vegas, NV
We had the chance to sit down with Chris Carlson, vice president of product management for Qualys and talk a little about what Qualys is up to and where they are moving to in the security market. For many Qualys is a name that brings vulnerability management and reporting to mind. This is due to the fact that this has been their bread and butter for a number of years. Now they are moving into new verticals in the market to expand on their knowledge in this arena. One of the highlights of the talk was in coving their Cloud Agent which brings a whole new set of features to the Qualys product line.
Last year at Black Hat we had an interesting conversation with Tammy Moskites from Venafi. Although Tammy is both the CIO and CISO of Venafi the conversation did not focus on that company or the product as a whole. Instead we talked at length about trust and controlling the keys to data and devices. This conversation is still a very important one as continue to see attacks and vulnerabilities in the systems that control access to and the encryption of important data.
DEF CON 24 - Las Vegas, NV
The term Honey Pot is one that most people are very aware of. It is a form of detection that is designed to lure an attacker into targeting a simulated system so that you can identify their techniques and tools. Honey pots have been used to gather intelligence about bot nets, malware in the wild and many other forms of malicious activity. The problem now is that these simulated systems are very easy to identify and avoid by today’s advanced attackers.
It seems that AMD’s recent licensing moves and the press that Zen has been getting has given investors more confidence in the company. On Friday this confidence pushed AMD’s share price by almost 10% at $6.18 (the 52 week high) of this writing AMD’s share price has dropped some, but is still up by a little more than 5% ($6.14). Some have seen this as proof that AMD is going to have a comeback soon and that Intel should be very worried.
These days it is not unheard of for something as simple as a printer to have all sorts of bells and whistles. You can find wireless, remote file access, remote (web) printing and more. These devices also have very advanced controls that are often accessible through a web interface. All of this technology can be had for very little money making advanced printers a common thing in the market. The downside? Well there is also very little security in these products. Walking through a business the other day with my WiFi sniffer on I found multiple, unprotected wireless networks screaming at me to join. Without exception these were all printers connected to the company’s network. All easy prey if I was up to no good.
In the last week the world saw what appeared to be another attempt to violate privacy by government law enforcement. In this case the FBI opened a “pilot” program to capture iris imprints for a searchable database. To date they have captured more than 400,000 of these imprints. The major concern here is that there was (and remains) no public debate, or oversight on the program. The program stands on its own outside the many restrictions that protect privacy and also other rights that people have. Well at least that is how things look on the surface. We took a little bit of a deeper look and tried to peel away some of the FUD and hype over the collection.
With the rise of the crowd funding the consumer electronic world has been given an interesting kick in a new direction. We are now seeing some very interesting tech from companies that we might never have heard of if it were not for crowd funding. This has both good and bad consequences, although the good do outweigh the bad at this stage. One item that was brought to our attention is SVET. If you are not familiar with SVET is it a new type of lighting technology that claims it is healthier than any other light in use.
It seems that the US Air Force has taken a pretty big hit when it comes to the storage of the data related to internal investigations. The system that they have been using has had a glitch that resulted in the loss of around 12 years of data. Normally this would only be a big deal until the backup was restored, but… there was no back up of this data as a complete set. There might be subsets of this data in other systems scattered throughout the US Air Force systems, but even that is not for sure.
AMD might have some demo Zen silicon to show off at their expected press conference during Computex. This is the rumor that is coming from multiple sources at the moment. If true, this would be good for AMD for a couple of reasons. The first is the most obvious; they would have a real product to show off to the press. This will, of course, generate a lot of press and conversation about Zen. It will also get consumers eager for Zen, if, the demos can showcase performance that compares to current Intel hardware in the same class at a price point that is competitive.
We have written numerous articles on how bad corporate mentality is shaping security and risking your data, but we have one more to share with you today. We can also guarantee that this will not be the last one we write about. According to news reports the company EagleSoft has responded to a security researcher (part time) by asking the FBI to treat him like a criminal, instead of just fixing the issue as reported. The researcher’s name is Justin Shafer and his crime was reporting unencrypted patient data left on an open FTP server by EagleSoft. The FTP server did not require a logon to access the data, but EagleSoft, in order to protect themselves are trying to play this off as a criminal act.