The Internet of Things, or IoT, Connected Devices, Smart devices whatever you want to call them have become a fixture in most homes. It has gotten to the point where you have to look hard to find a device that is not “Smart”. Manufacturers love to push the marketing term smart onto the consumer as it becomes a value add proposal; hey this can do all of this and you can control it using your phone from anywhere. What they do not disclose is exactly how insecure these devices are and how much privacy you can end up giving up just by having them in your home.
Since the ATi purchase AMD has struggled with trying to compete in the CPU market. They have tried many different strategies and approaches. One even included distancing themselves from the performance market and focusing solely on mobile. This disastrous strategy did not work out well and led to a string of APUs that performed well when it came to graphics but had some serious performance issues when it came to traditional compute work. Now AMD is attempting to position themselves back in the enthusiast space with a new strategy and a new architecture.
If you have been paying attention to the technical news lately you might have noticed more than a few articles pointing fingers back and forth between the AntiMalware company Cylance and the… well the industry. The argument (if you have not already read about it) goes something like this; the big AV/AM companies are accusing Cylance of stacking the deck in their favor when they demo their product against the competition. Cylance, for their part, claims that they provide a realistic test in comparison to what is usually done when it comes to AV/AM testing. Both sides have their points and it calls into question something that exists in all levels of the technical press and testing bodies; real world vs scripted testing.
Black Hat 2016, Las Vegas, NV
We had the chance to sit down with Chris Carlson, vice president of product management for Qualys and talk a little about what Qualys is up to and where they are moving to in the security market. For many Qualys is a name that brings vulnerability management and reporting to mind. This is due to the fact that this has been their bread and butter for a number of years. Now they are moving into new verticals in the market to expand on their knowledge in this arena. One of the highlights of the talk was in coving their Cloud Agent which brings a whole new set of features to the Qualys product line.
Last year at Black Hat we had an interesting conversation with Tammy Moskites from Venafi. Although Tammy is both the CIO and CISO of Venafi the conversation did not focus on that company or the product as a whole. Instead we talked at length about trust and controlling the keys to data and devices. This conversation is still a very important one as continue to see attacks and vulnerabilities in the systems that control access to and the encryption of important data.
DEF CON 24 - Las Vegas, NV
The term Honey Pot is one that most people are very aware of. It is a form of detection that is designed to lure an attacker into targeting a simulated system so that you can identify their techniques and tools. Honey pots have been used to gather intelligence about bot nets, malware in the wild and many other forms of malicious activity. The problem now is that these simulated systems are very easy to identify and avoid by today’s advanced attackers.
It seems that AMD’s recent licensing moves and the press that Zen has been getting has given investors more confidence in the company. On Friday this confidence pushed AMD’s share price by almost 10% at $6.18 (the 52 week high) of this writing AMD’s share price has dropped some, but is still up by a little more than 5% ($6.14). Some have seen this as proof that AMD is going to have a comeback soon and that Intel should be very worried.
These days it is not unheard of for something as simple as a printer to have all sorts of bells and whistles. You can find wireless, remote file access, remote (web) printing and more. These devices also have very advanced controls that are often accessible through a web interface. All of this technology can be had for very little money making advanced printers a common thing in the market. The downside? Well there is also very little security in these products. Walking through a business the other day with my WiFi sniffer on I found multiple, unprotected wireless networks screaming at me to join. Without exception these were all printers connected to the company’s network. All easy prey if I was up to no good.
In the last week the world saw what appeared to be another attempt to violate privacy by government law enforcement. In this case the FBI opened a “pilot” program to capture iris imprints for a searchable database. To date they have captured more than 400,000 of these imprints. The major concern here is that there was (and remains) no public debate, or oversight on the program. The program stands on its own outside the many restrictions that protect privacy and also other rights that people have. Well at least that is how things look on the surface. We took a little bit of a deeper look and tried to peel away some of the FUD and hype over the collection.
With the rise of the crowd funding the consumer electronic world has been given an interesting kick in a new direction. We are now seeing some very interesting tech from companies that we might never have heard of if it were not for crowd funding. This has both good and bad consequences, although the good do outweigh the bad at this stage. One item that was brought to our attention is SVET. If you are not familiar with SVET is it a new type of lighting technology that claims it is healthier than any other light in use.