
Submission + - 5 Strategies To Make IoT More Secure (impekable.com)

FabianneImpekable writes: Adding sensors and WiFi connectivity to everyday devices? What could possibly go wrong?

According to IoT security solutions company Zingbox, IoT is only going to get larger with 7 billion new devices added by 2020. As devices evolve, threats will evolve as well. There was a study conducted by Hewlett-Packard that found that “70 percent of Internet of Things devices are vulnerable to attack.” These vulnerabilities have been exploited by hackers in big ways, for insecure Internet of Things devices not only compromise homes and enterprise, but also put our government agencies and industrial plants at risk.
Although it takes a lot of work to fully secure devices from hackers, here are some relatively simple things IoT companies can do to improve their security.

#1. Password authentication
Seems obvious, right? However, one of the most common ways connected devices get breached in the first place is that there are people who do not think to change the default password. There are websites that expose this security flaw by hosting live streams of these devices (as you can see in the picture above).
IoT device companies not only need to provide users with the option to change their password, but they need to make it an essential part of their onboarding flow. Requiring first-time users to change their default password would protect devices drastically.
IoT developers can take this a step further by requiring two-factor authentication through the user’s smartphone so it will make it even harder for hackers to get in.

#2. Visibility of connected assets
There are network administrators who aren’t aware of all the connected devices on their network. Using the medical industry as an example, administrators might be able to see other computers perhaps, but they might not be able to see the other connected devices such as blood pressure monitors or weight scales.

Not being able to keep tabs on all your connected devices makes it prime for hackers to exploit the relatively low security protections for these devices. IoT companies need to find a way to program these devices to be visible for administrators to keep tabs on their network.

#3. Make it easy to install new security patches
With the existence of smart thermometers, smart doorbells, and even smart window blinds, the life cycle for an IoT device is a lot longer than your typical computer or phone.

Within this lifespan, there will be new security threats and exploits that arise, so IoT companies should make devices that can adapt accordingly. One way to do this is to build devices with a standard OS so security software can be installed easily and remotely.

#4. Use fewer permissions
When you’re installing a new smart device, not only are you trusting it to function, you are also trusting it with permissions like access to your information or your camera. It is important for IoT devices to only ask for the permissions they need. Maybe my fridge doesn’t need to know my location. Excess permissions just add one more thing for hackers to access on your network.

#5. Threat detection
Last but not least, IoT companies should build their devices to know when someone is attempting a security breach in real time. They should know how many attempted logins occurred. There are administrators responsible for these connected networks that have no idea when and where these security threats are occurring.

Conclusion
The growing demand in the Internet of Things shows the consumer market’s eagerness to turn their home into a smart house. However, this has led to the release of some devices with glaring vulnerabilities. Companies entering this industry need to be cautious of potential security threats and build their devices accordingly.

Submission + - SPAM: iRobot plans hunter-killer version of Roomba

rocket rancher writes: Colin Angle, CEO of iRobot, the developer of the Roomba domestic robot, announced late last month that his company will develop a hunter-killer drone for RISE (Robots in Service to the Environment) to combat the human-caused invasion of lionfish along the south-eastern US seaboard, which, according to the NOAA, pose a serious threat to reef environments.

The PBS article that I cited above caught my eye because I may have helped contribute to the start of this problem when I was stationed on Okinawa back in the mid-Eighties. I helped a friend and fellow diver with an import license collect these lethal little beauties for sale to tropical fish dealers in the US. We would hunt them at night by herding them, one at a time, into a mesh specimen bag and then transferring them to a larger holding bag, being extremely careful to avoid their neurotoxin-equipped spines. They are very exotic looking, thanks to their defensive spines and external gill clouds, so there was a steady demand for them by stateside aquariums and exotic fish collectors. We could make a hundred dollars capturing a couple dozen of them over the course of a few nights every couple of weeks, which nicely supplemented our paychecks.

Submission + - British Companies Are Selling Advanced Spy Tech To Authoritarian Regimes (vice.com)

An anonymous reader writes: Since early 2015, over a dozen UK companies have been granted licenses to export powerful telecommunications interception technology to countries around the world, Motherboard has learned. Many of these exports include IMSI-catchers, devices which can monitor large numbers of mobile phones over broad areas. Some of the UK companies were given permission to export their products to authoritarian states such as Saudi Arabia, the United Arab Emirates, Turkey, and Egypt; countries with poor human rights records that have been well-documented to abuse surveillance technology. In 2015, the UK's Department for Business, Innovation and Skills (BIS) started publishing basic data about the exportation of telecommunications interception devices. Through the Freedom of Information Act, Motherboard obtained the names of companies that have applied for exportation licenses, as well as details on the technologies being shipped, including, in some cases, individual product names. The companies include a subsidiary of defense giant BAE Systems, as well as Pro-Solve International, ComsTrac, CellXion, Cobham, and Domo Tactical Communications (DTC). Many of these companies sell IMSI-catchers. IMSI-catchers, sometimes known as “Stingrays” after a particularly popular brand, are fake cell phone towers which force devices in their proximity to connect. In the data obtained by Motherboard, 33 licenses are explicitly marked as being for IMSI-catchers, including for export to Turkey and Indonesia. Other listings heavily suggest the export of IMSI-catchers too: one granted application to export to Iraq is for a “Wideband Passive GSM Monitoring System,” which is a more technical description of what many IMSI-catchers do. In all, Motherboard received entries for 148 export license applications, from February 2015 to April 2016. 
A small number of the named companies do not provide interception capabilities, but defensive measures, for example to monitor the radio spectrum.

Submission + - SPAM: FBI Files Say China Firm Pushed U.S. Experts for Nuclear Secrets

mdsolar writes: A state-owned Chinese power company under indictment in the U.S. pressed American nuclear consultants for years to hand over secret technologies and documents they weren’t supposed to disclose — and in some cases it got them, several of the consultants have told the FBI.
Summaries of the consultants’ interviews with agents from the Federal Bureau of Investigation were filed this month in a federal court where the company, China General Nuclear Power Corp., has been charged with conspiring to steal nuclear technology.
The FBI documents surfaced shortly after the same company became a focus of concerns across the Atlantic: The U.K. last month delayed approval of the country’s biggest nuclear power station in a generation as questions swirled about whether China General Nuclear’s investment in the plant poses a security risk.

The filings provide a window into the tactics of CGN, China’s biggest nuclear power operator. One of the consultants said CGN employees asked for off-limits operational manuals to nuclear equipment and software, according to the interview summaries. Another said he was asked to provide proprietary temperature settings for material used to contain nuclear fuel. After he refused, he wasn’t offered more consulting jobs, he told the FBI.
Employees of CGN “frequently asked for documents which were proprietary or limited to restricted access,” according to a summary of one interview. In several instances, the company got what it wanted, according to the FBI documents.


Submission + - The Big Driver of Mass Incarceration That Nobody Talks About (the-american-interest.com)

schwit1 writes: If you follow media coverage of America’s mass incarceration problem, you are likely to hear a lot about unscrupulous police officers, mandatory minimums, and drug laws. But you are unlikely to hear these two words that have probably played a larger role in producing the excesses of the American criminal justice system than anything else: plea coercion.

The number of criminal cases that actually go to trial in America is steadily dwindling. That’s because prosecutors have so much leverage during plea bargaining that most defendants take an offer—in particular, defendants who are held on bail, and who might need to wait in jail for months or even years before standing trial and facing an uncertain outcome.

We reported last week on a study from Columbia showing that all things being equal, defendants in Pittsburgh and Philadelphia who were made to pay bail are much more likely to plead guilty. Since then, a separate study from researchers at Harvard, Princeton and Stanford has come out that reaches a similar conclusion. . . .

Of course, bail remains a vital tool for judges, and some defendants are too dangerous to be let out before their trial, period. But there are ways we might be able to reform the pre-trial detention system so as to reduce the number of defendants who simply resign themselves to a guilty plea out of desperation since they can’t come up with the money to buy their temporary freedom. For example, the average amount of money bail assessed should be reduced (it has risen exponentially over the last several decades) and courts should experiment with ankle bracelets and home visits to monitor defendants rather than holding them in a jail cell before they have been convicted of a crime.

The focus on policing and minimum sentences and drug laws in the public discourse is all well and good. But if they are serious about making our justice system more fair and less arbitrary, criminal justice reformers should devote more of their efforts to reforming what happens in the period after arrest and before sentencing. That’s an area where big progress can be made with relatively straightforward, and politically palatable reforms.

Submission + - Mobile providers sell data about user location to third parties (observer.com)

An anonymous reader writes: The Observer got a look at some aggregated data about two Donald Trump rallies in Indiana before the primary in that state, and it illustrated the kind of data mobile providers can collect and that they also sell.

For example, he said, there were an unusually high number of Android users in the audiences. “This is somewhat indicative of a lower income bracket,” he explained. Saying that the Samsung S5 was the most popular phone at the two events, “which is kind of an old phone. These are not people buying the latest technology,” he said.

As the old adage goes: if you don't pay for the product, you are the product. Except, consumers do pay for mobile service, yet they still become products.

Submission + - American broadband, what's wrong with you? (networkworld.com)

Miche67 writes: The next time you turn off the video feature during a Google Hangout or Skype video call, don’t blame those companies. American broadband is the culprit, says Steven Max Patterson.

He says the video feature works perfectly during international video calls, but within the U.S.? Forget it. People would rather use plain old telephone service (POTS) than deal with video calls.

At a time when virtual reality is on the verge of delivering 3D virtual communications, and Hangouts and Skype are free, many people rely on old-fashioned one-dimensional POTS voice conferencing. They don’t use Skype and Google Hangouts because their bad experiences with video calls convinced them that the quality of these apps isn’t good enough.

But those apps aren't the problem, Max Patterson asserts. It's the broadband providers. According to Akamai's [state of the internet] Q1 2016 report, the U.S. isn't among the top broadband providers.

Submission + - Older Workers Adapt To New Technology Just Fine, Survey Finds (cio.com)

itwbennett writes: Those older workers in your office, you know, the ones you think can't handle dealing with new technology? Turns out, they struggle less with technology than their millennial colleagues. A survey by London-based market research firm Ipsos Mori, sponsored by Dropbox, found that older workers are less likely to find using technology in the workplace stressful and experience less trouble working with multiple devices than the younger cohort. The reason for this might lie in all the clunky old technologies older workers have had to master over the decades. Digital Natives don't know how good they've got it.

Submission + - SPAM: Where did the Big Bang occur? A smart answer to a dumb question.

StartsWithABang writes: Asking where in space the Big Bang happened is like asking where the starting point of Earth’s surface is. There’s no one “point” where it began, unless you’re talking about a point in time. The reality is that, as far as space is concerned, the Big Bang occurred everywhere at once, and we have the evidence to prove it. If the Big Bang were an explosion, we would discover ourselves in a Universe that had a preferred location with different densities surrounding it, but instead we see a Universe that has the same density everywhere. We’d see a Universe that looked different in different directions, yet we see one that’s uniform to better than one part in 10,000 in each direction we look. And we see a Universe that exhibits zero spatial curvature: one that’s indistinguishable from flat. The Big Bang happened everywhere at once. This is how we know it, and this is what it means.

Submission + - Funds Flow to Companies that Figure Out Predictive Analytics

StewBeans writes: A recent article in Institutional Investor suggests that smart investors are keeping a close eye on companies that are making use of predictive analytics. The article notes that "companies that know how to increase engagement, recommendations and all the rest of the tactics predictive analytics unlocks will be better positioned to turn in strong profits." Gartner also predicts that advanced analytics, including predictive modeling, will be among the fastest-growing segments of the overall analytics market, likely to attract 40% of net new investment in BI and analytics by 2020. Businesses looking to stay ahead of this trend should "avoid shooting in the dark to isolate patterns from randomness," as VP of advanced analytics for Kaplan puts it. He provides insight into the three major considerations that will save organizations a lot of time and resources as they embark on their predictive analytics projects.

Submission + - Forget "bottom-up" reporting of emissions. Try an atmospheric monitoring system (thebulletin.org)

Lasrick writes: Ray Weiss at the Scripps Institution of Oceanography describes how countries report greenhouse gas emissions--a 'bottom-up' approach that can result in inventories that differ from those determined by measuring the actual increases of emitted gases in the atmosphere. Weiss proposes a 'top-down' atmospheric monitoring system for greenhouse gases and goes into the technology that already exists for doing so. Fascinating stuff.

Submission + - Tracking Caucusgoers by their Cell Phones (schneier.com)

Okian Warrior writes: Dstillery gets information from people's phones via ad networks. When you open an app or look at a browser page, there's a very fast auction that happens where different advertisers bid to get to show you an ad. Your phone sends them information about you, including, in many cases, an identifying code (that they've built a profile around) and your location information, down to your latitude and longitude.

On the night of the Iowa caucus, Dstillery flagged auctions on phones in latitudes and longitudes near caucus locations, some 16,000 devices. It then looked up the characteristics associated with those IDs to make observations about the kind of people that went to Republican caucus locations versus Democrat caucus locations. It drilled down farther by looking at which candidate won at a particular caucus location.

Submission + - Humans Are More Toxic to Wildlife than Chernobyl (vice.com)

derekmead writes: The Chernobyl disaster remains the worst nuclear accident in human history, with a death toll that is difficult to tally even decades later. Given the sobering reach of the resulting radiation contamination, you might expect the Chernobyl Exclusion Zone—the 4,200 square kilometers in the immediate vicinity of the explosion—to have suffered serious long-term ecological damage.

Surprisingly, though, a study published today in Current Biology shows that wildlife in the exclusion zone is actually more abundant than it was before the disaster. According to the authors, led by Portsmouth University professor of environmental science Jim Smith, the recovery is due to the removal of the single biggest pressure on wildlife—humans.

Submission + - Cold Fusion Rears Ugly Head with Claims of Deuterium Powered Homes (hackaday.com)

szczys writes: Ah, who can forget the cold-fusion fiasco of the early 1990's? Promises of room-temperature fusion machines in every home providing nearly-free energy for all. Relive those glory days of hype with this report of Deuterium-Based Home Reactors. Elliot Williams does a good job of deflating the sensationalism by pointing out all of the "breakthroughs", their lack of having any other labs successfully verify the experiments, and the fact that many of the same players from the news stories in the 90s are once again wrapped up in this one.

Submission + - Another Pharma Company Recaptures a Generic Medication (forbes.com)

Applehu Akbar writes: Daraprim, currently used as a niche AIDS medication, was developed and patented by Glaxo (now GlaxoSmithKline) decades ago. Though Glaxo's patent has long since expired, a startup called Turing Pharmaceuticals has been the latest pharma company to 'recapture' a generic by using legal trickery to gain exclusive rights to sell it in the US.
Though Turing has just marketing rights, not a patent, on Daraprim, it takes advantage of pharma-pushed laws that forbid Americans from shopping around on the world market for prescriptions. Not long ago, Google was fined half a billion dollars by the FDA for allowing perfectly legal Canadian pharmacies to advertise on its site. So now that Turing has a lock on Daraprim, it has raised the price from $13.50 a pill to $750.

In 2009 another small pharma company inveigled an exclusive on the longstanding generic gout medication colchicine from the FDA, effectively rebranding the unmodified generic so they could raise its price by a similar percentage.
