Embedded Security for IoT lies in the Chip

What furore there has been about IoT security has mostly been couched in terms of the disasters that await us when all the “things” attack our networks because all those devices are so easily compromised and are often ideal platforms for distributed denial-of-service and other attacks. This particular theory of the apocalypse was bolstered almost entirely by reference to last fall’s Mirai botnet, which centered on webcams that were pwned in large part because they were on the open internet with default administrator passwords.

If you can build your own botnet by running a scan for open Linux telnet servers, you are clearly still in the era of rookie mistakes.Throw in IoT gateways that close down port 23 and it might seem like the network is a happy place again. But beyond idiot-proofing webcams and stopping attack traffic emanating from light bulbs and toasters, there is a fundamental security concern: How do IoT vendors stop malicious alteration of the software — and, thus, the behavior — of what could well be highly sensitive devices? (Read More)

World’s First Open Source Cybersecurity Learning Platform “Cybrary’’ Secures $3.5M

Cybrary, the world’s first open source cyber security and IT learning and certification preparation platform, has secured $3.5 million in Series A funding through Arthur Ventures with participation from Ron Gula, founder of Tenable Network Security, and other existing investors.

Cybrary levels the playing field for those who want to advance in or start a cybersecurity or IT career by providing anyone with access to the tools they need to be competent and confident in the field. Through its open-source model, Cybrary is actively working to fill the gap between open cybersecurity and IT positions and experienced practitioners. Many of the world’s top companies and organizations, including Hitachi, Tenable, and Tripwire use Cybrary to develop their teams’ cybersecurity and IT skills and get certification-ready. (Read More)

No, Apple’s Face ID Is Not A ‘Secure Password’

Apple has announced its new smartphone, iPhone X. The device is extremely expensive, starting at $999 (or $1331 in the UK), so potential buyers are asking themselves: Is it really worth it?

One factor that might influence your decision is the fact Apple seems to want more money for fewer features. Most prominently, iPhone X doesn’t include a ‘Touch ID’ fingerprint authentication system but instead checks that your identity is authentic with ‘Face ID’, which is used to unlock the phone and authorize payments. That prompts another question: Is Face ID better?

You might expect a new system to offer better security, and Apple’s website states that ‘Your face is your secure password’. That statement is misleading, however. (Read More)