Tag Archives: Law

My latest Gartner research: Market Insight: Security Market Transformation Disrupted by the Emergence of Smart, Pervasive and Efficient Security

1 February 2017  |  …fits into/addresses these situations. Analysis by Perry Carpenter and Lawrence Pingree Technologies such as cloud, software-defined networking (SDN), network…or managed services. Analysis by Ruggero Contu, Perry Carpenter and Lawrence Pingree By 2020, integrated security models, such as…

Gartner clients can access this research by clicking here.


[ISN] Severe weaknesses in Android handsets could leak user fingerprints

http://arstechnica.com/security/2015/08/severe-weaknesses-in-android-handsets-could-leak-user-fingerprints/ By Dan Goodin Ars Technica Aug 10, 2015 HTC and Samsung have patched serious vulnerabilities in some of their Android phones that made it possible for malicious hackers to steal user fingerprints. The researchers who discovered the flaws said that many more phones from all manufacturers may be susceptible to other types of fingerprint-theft attacks. The most serious of the flaws was found on HTC’s One Max handset. According to researchers at security firm FireEye, the device saved user fingerprints as an unencrypted file. Almost as bad, the BMP image was readable by any other running application or process. As a result, any unprivileged process or app could obtain a user’s fingerprints by reading the file. Attackers could capitalize on the weakness by exploiting one of the many serious vulnerabilities that regularly crop up in Android or by tricking a target into installing a malicious app. HTC fixed the issue after FireEye privately reported it, according to this summary, which didn’t provide a date or other details of the update. […]


[ISN] Researcher says he can hack GM’s OnStar app, open vehicle, start engine

http://venturebeat.com/2015/07/30/researcher-says-can-hack-gms-onstar-app-open-vehicle-start-engine/ By Bernie Woodall in Detroit and Jim Finkle in Boston Reuters July 30, 2015 BOSTON/DETROIT (Reuters) – A researcher is advising drivers not to use a mobile app for the General Motors OnStar vehicle communications system, saying hackers can exploit a security flaw in the product to unlock cars and start engines remotely. “White-hat” hacker Samy Kamkar posted a video on Thursday saying he had figured out a way to “locate, unlock and remote-start” vehicles by intercepting communications between the OnStar RemoteLink mobile app and the OnStar service. Kamkar said he plans to provide technical details on the hack next week in Las Vegas at the Def Con conference, where tens of thousands of hacking aficionados will gather to learn about new cybersecurity vulnerabilities. Kamkar released the video a week after Fiat Chrysler Automobiles recalled some 1.4 million vehicles after hacking experts demonstrated a more serious vulnerability in the Jeep Cherokee. That bug allowed them to gain remote control of a Jeep traveling at 70 miles per hour on a public highway. […]


[ISN] Critical BIND denial-of-service flaw could disrupt large portions of the Internet

http://www.computerworld.com/article/2955005/security/critical-bind-denialofservice-flaw-could-disrupt-large-portions-of-the-internet.html By Lucian Constantin IDG News Service July 30, 2015 Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users. The vulnerability affects all versions of BIND 9, from BIND 9.1.0 to BIND 9.10.2-P2, and can be exploited to crash DNS servers that are powered by the software. The Domain Name System is the Internet’s phone book. It’s used to convert domain and host names into numerical Internet Protocol (IP) addresses that computers need to communicate with each other. The DNS is made up of a global network of servers and a very large number of them run BIND, a software package developed and maintained by a nonprofit corporation called the Internet Systems Consortium (ISC). The vulnerability, announced and patched by ISC Tuesday, is critical because it can be used to crash both authoritative and recursive DNS servers with a single packet. […]


[ISN] United Airlines Pays Man a Million Miles for Reporting Bug

http://www.wired.com/2015/07/united-airlines-pays-man-million-miles-reporting-bug/ By Kim Zetter Security Wired.com July 15, 2015 TWO MONTHS AFTER United Airlines launched a bug-bounty program to reward researchers who report flaws in the company’s web site and apps, a researcher has received 1 million air miles in the first reward given. After submitting information to United about a remote-code execution flaw in the airline’s web site, Jordan Wiens was awarded his mileage last week. It was the first time Wiens, owner of the Florida-based security firm Vector 35, had submitted to a bug-bounty program. United is the first airline to launch a bug bounty program. The company announced the program in May, after receiving harsh criticism for banning a security researcher from one of its flights. […]