January 2014 | SafeLogic

Archive for January, 2014

30 Jan 2014

The Internet of Things (To Protect)

SmartFridgeThe Internet of Things is under attack already, say researchers.  A smart refrigerator was hacked and used to disperse malicious code, for example.  So why are we not properly teaching folks that devices are vulnerable immediately upon connection?  Education on these topics will save us a lot of heartache and headlines in the next few years… and it might even save some lives.

In recent posts, Symantec’s Vince Kornacki and Bob Shaker point to some disturbing potential outcomes from building the connected home without properly factoring in security.  Sure, the hacked toaster oven is fairly innocuous, but burglars really could case entire neighborhoods by tracking homes’ thermostat activity.  Hackers more interested in anarchy and panic really could manipulate fridges to spoil food and use unsupervised ovens to start fires.  Kornacki points out that by simply disabling a home’s heater could produce disastrous effects in frigid climates, and the inverse is true as well.  Denying air conditioning to a desert dweller in August could quickly turn cruel or even fatal.

We have seen what happens in other sectors when we let technology develop too far without factoring in security.  Unfortunately, many manufacturers will ignore security as long as possible, until their consumer audience demands it.  So let’s stop, take a deep breath, and educate the public.

Rules to Remember

  • If it’s connected to the internet, it can be hacked.
  • If it can be hacked, it can be manipulated.
  • Everything that has data in transit or at rest should be encrypted.
  • Encryption is not all created equal, so it should be verified.
  • If it has a camera, someone might be watching you.
  • If it has a camera, someone might be watching your internet traffic instead of you.
  • If it has a password, change it to a strong code.
  • If it doesn’t have password protection available, ask why not.

 

Manufacturers will drag their feet until we, as buyers, make it clear that we want secure devices.  We should not be buying any connected devices that do not have privacy safeguards available.  Speak with your wallet and be patient until viable options are on the market.  And then, it will be game on for the Internet of Things!

BlogFooter_Ray

24 Jan 2014

January 24, 1984

30 years ago today, a young Steve Jobs burst onto the scene with the Macintosh.  Whether you are the biggest Apple fan or you despise the very thought of using an iAnything, Jobs and that company from Cupertino changed the world we live in.  Thank you to all who have, and continue to contribute to the technology of tomorrow.

Thanks to YouTube user Mac Essentials for this video!

BlogFooterWalt

16 Jan 2014

The Best Boycott is Actually Showing Up

RSAConference

 

The blowback on RSA is officially in full swing, even gaining momentum as various experts have publicly announced their decision to boycott the RSA Conference.  So it seems like the perfect opportunity for me to take a stand as well, and say that I will not be speaking at the conference either!

Wait, I wasn’t invited?  That’s BS.  I am electing to boycott and I refuse to speak!

In all seriousness, I do have an issue with the folks who are choosing to stay home.  Quite simply, it’s an empty gesture.  For real change to occur, issues must be discussed.  And if you won’t be at the conference, who will lead that discussion?

The RSA Conference is massive.  The agenda will be full, with or without you.  The exhibition hall will buzz and deals will be made.  I’d like to say that the audience will miss you, but the reality is that most of them won’t realize that you were scheduled to speak in the first place, because the folks that need your leadership most are the ones who don’t read your blog.  They don’t already know you or your opinions.  If you really want to make a difference, come to the conference.  Talk to as many people as you can.  Educate and influence as many attendees as possible.  Teach them what they need to know.  Explain why you lost confidence in RSA, and point them in the right direction.

Furthermore, I’m not sure the conference itself should be boycotted.  It may prove to be RSA’s most lasting legacy.  I’m sure it creates revenue for EMC, but it has grown far beyond being just another self-serving user convention.  It has provided many companies with significant exposure, putting start-ups on the map and even giving rivals a chance to compete.  If you’re truly objecting to RSA Security’s practices, stand tall and help buyers discover alternative vendors.  Many of them will be represented at the conference, you know.

The conference chairman, Dr. Hugh Thompson, doesn’t even work for EMC or RSA.  He’s been very candid about the controversy and the impending discussion, which I appreciate.

“[The RSA Conference] always been an open forum for people to come and talk about security.  No matter what’s on the printed agenda, this is definitely going to be a topic that’s talked about at the conference, and it should be.”

I couldn’t agree more.

Actions speak louder than words, and money talks louder than a bullhorn in a library.  So don’t just talk about boycotting.  Come to San Francisco, step up, speak out, and help the attendees find their way to solutions that are not backed by RSA.  If you aren’t here, it will be a very one-sided conversation.  If you do not speak out, RSA Security will be presenting their point of view with no dissenting opinion or rebuttal.  Twenty thousand attendees are coming in February, not to hear RSA’s pitch, but to hear your opinions and see the alternatives.

So here’s my proposal.  Come to San Francisco and speak.  Just not on stage at the conference, if that makes you uncomfortable.  Speak on the tradeshow floor.  Speak outside the Moscone Center.  Speak in the hotel lobby.  You’re welcome to come speak at SafeLogic’s hospitality suite, for that matter!  But please speak.

BlogFooterWalt

8 Jan 2014

Encryption Becoming Mainstream

forresterEncryption specifically described as mainstream?  By a Forrester analyst??  Now that is a warm welcome to 2014!

I enjoy reading New Year’s predictions.  While security is definitely a trendy topic, one statement recently caught my eye.  James Staten’s 8th prediction in his blog at Forrester:

 Bring-your-own-encryption will dominate the security discussion in 2014. One of the top trending inquiry topics hitting our cloud and security analysts lately are about cloud encryption solutions for AWS and Salesforce.com. You can thank the US NSA for popularizing this trend. Clients are asking for recommendations on offerings that encrypt data before it hits the cloud service and lets the enterprise control the keys. Encryption covers a multitude of sins, and by encrypting the data before it hits the cloud, companies effectively strip the toxicity (and the liability) from the data.

Nailed it.  Staten absolutely nailed it.

There is so much going on in security right now. It’s such an interesting and dynamic space. The latest and greatest products are hitting the market now, from policy-based containers to persistent threat detection and from cloud isolated networks to identity management.  Why?  Because stakeholders are finally focusing on the protection of data.  That’s truly what matters.

There are lots of means to that end, but these exciting new solutions have one thing in common.  They are all leveraging encryption.

Encryption has not been at the forefront of security technology discussion for quite some time.  It’s not glamorous, but it’s the foundation for everything we’re trying to accomplish as an industry.  I’m glad it’s trending and getting some recognition, because that’s exactly why we’re here, providing strong encryption for multiple environments that meets strict standards and is easy to implement.

With encryption, data can be protected in a variety of ways, with a vast array of solutions and strategies.  SafeLogic is working on behalf of the end user, helping developers maximize the power of cryptography and tailor every product to be as secure as possible on each platform.  This is our goal and it’s stellar to see it reflected in the writings of other thought leaders in the industry.  Now let’s get to work and make it a reality!

BlogFooter_Ray