Wednesday, May 28, 2014

Welcome to the The Phygital World

Standards for 'Things'

That thing, next to the other thing, talking to this thing needs something to make it interoperate properly. That's the goal of the Industrial Internet Consortium (IIC) which hopes to establish common ways that machines share information and move data.

IBM, Cisco, GE and AT&T have all teamed up to form the Industrial Internet Consortium (IIC), an open membership group that’s been established with the task of breaking down technology silo barriers to drive better big data access and improved integration of the physical and digital worlds. The Phygital World. The IIC will work to develop a ‘common blueprint' that machines and devices from all manufacturers can use to share and move data. These standards won’t just be limited to internet protocols, but will also include metrics like storage capacity in IT systems, various power levels, and data traffic control.

Sensors are getting standards. Soon.

As more of these chips are getting installed on street lights, thermostats, engines, soda machines and even into our own body the IIC will focus on testing IoT applications, produce best practices and standards, influence global IoT standards for Internet and industrial systems and create a forum for sharing ideas. Explore new worlds so to speak. I think it's nuts that we're in an age where we are trying to figure out how the blood sensor talks to the fridge sensor which notices there is no more applesauce and auto-orders from the local grocery to have it delivered that afternoon. Almost there.

Initially, the new group will focus on the 'industrial Internet' applications in manufacturing, oil and gas exploration, healthcare and transportation. In those industries, vendors often don't make it easy for hardware and software solutions to work together. The IIC is saying, 'we all have to play with each other.' That will become critically important when your imbedded sleep monitor/dream recorder notices your blood sugar levels rising indicating that you're about to wake up, which kicks off a series of workflows that start the coffee machine, heat & distribute the hot water and display the day's news and weather on the refrigerator's LCD screen. Any minute now.

It will probably be a little while (years) before these standards can be created and approved, but when they are they’ll help developers of hardware and software to create solutions that are compatible with the Internet of Things. The end result will be the full integration of sensors, networks, computers, cloud systems, large enterprises, vehicles, businesses and hundreds of other entities that are 'connected.'

With London cars getting stolen using electronic gadgets and connected devices as common as electricity by 2025, securing the Internet of Things should be one of the top priorities facing the consortium.

ps

Related:


Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, May 21, 2014

Moving Target

bekinsblur I moved recently. Not too far away nor to a different state, just the other side of town. It is simultaneously exhilarating and exhausting. Most people in the U.S. moving during the summer. Kids are out of school, the weather is mostly nice, friends might be available to help and you are settled in for the holidays. And while you are worrying about packing, movers, mail and all the other check lists, your identity is ripe for the picking.

The increased risk of identity theft during a move is because personally identifiable information is being shuffled around from one home to the next. At the same time, buyers and renters are preoccupied with the move and can forget to protect their sensitive documents. You may lock up or personally carry your jewelry, checkbook and other 'valuables' but your personal information might be unprotected and targeted during a move.

If you are moving this summer like I just did, there are a few things you can do to minimize the risk. While most moving sites have 'Change of Address' as their top protection mechanisms (which we'll get to), I feel that shredding old bills, receipts and financial info is critical. First, you might not want to drag all that old paperwork with you, especially if you are paying by the pound but more importantly, shredding important documents can prevent thieves from finding any information in your trash. Old-skool dumpster diving is still a viable method to steal personal information. You also might not want the movers themselves to have access to those documents, particularly if you are having them help pack. I was fortunate to find reputable movers but mover fraud is becoming more commonplace in the U.S.

Mail call! What? Oh yea, Change of Address. Seems like a no brainer, filling out a postal change of address but it is also important. Make the change with all the companies, financial institutions, magazines, and other organizations that regularly send you mail. Identity theft is often carried out by stealing mail. The folks who move into your old house might not steal your identity, but they will most likely throw away mail that isn’t theirs, and they won’t necessarily take the care to shred it as you would. If your mail continues to be delivered to your old address, it might be left on the doorstep or in an unlocked mailbox, making it very easy for anyone to walk away with it.

Lock down your electronics. Many households have multiple computers now including tablets, mobile phones and other 'things' storing sensitive information. These are a treasure trove. You can carry/pack yourselves and make sure they are always in your possession or password protect and place in a slightly unmarked box. Maybe label it as 'dog food' and the crook, movers or otherwise, just might pass it over. If you plan on donating or recycling your old computer(s), make sure you totally erase the hard drive since criminals can easily retrieve those files and sue them for no good. Slightly related to this, I recently bought a refurbished Blu-ray player with various streaming services. I wanted to replace the one we broke with the exact same one but they stopped making that model. When it arrived, I went in to configure our Netflix account. So I clicked the Netflix icon and it loaded fine. Wait a minute, that's not my Instant Que. Whoever had the unit prior to me, still had their Netflix saved and I could see all their viewing habits. Old episodes of Leave it to Beaver and Attack of the 50 Foot Cheerleader.

And keep an eye out for yourself before, during and after. Check credit monitoring if you have it; your credit report a few months later for anything suspicious; that all your mail is arriving intact; that all your household items are accounted for; and we often leave cars, garages, and other entrances wide open when moving so keep an eye there, if the location warrants.

Physical items can be used to create digital identities and while we may read about ID theft topics when computer breaches are reported, the physical realm is still ripe with fraudsters. Everything is game nowadays but you can take physical and digital action to stay safe when you are finally home sweet home.

ps

Resources:

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, May 14, 2014

Uncle DDoS'd, Talking TVs and a Hug

Information security is one of those areas where a lot is always happening. From breaches to vulnerabilities to scams to anything else that's designed to store, protect or even attack and pilfer our sensitive information, information security encompasses a lot of things. A Three Ring Circus, Three Little Pigs, The Three Stooges and when three different stories grab my attention, well I just gotta share.

SCMagazine.com had an interesting story yesterday talking about how two servers designed to prevent DDoS attacks were, themselves, used in a DDoS attack. Incapsula reported that it had to fend off a sizable DDoS attack that was launched using high-capacity servers hijacked from a DDoS protection services provider. The attack itself was against an online gaming site and the attackers actually hijacked and commandeered two high capacity servers from a DDoS protection service provider to spearhead the attack. The service provider was so focused on incoming traffic, they had to be notified to take a look at the massive outgoing traffic being sent. While the DDoS protection market has grown with many outsourcing solutions, it is still a shared service. Remember the old tiered-hosting-separated-by-a-partition days? Even if you are not the target, you still might be caught up in it if your neighbor is.

Next up is security experts at NCC Group said SmartTVs with built-in microphones and storage can be turned into bugging devices by malware and used to record conversations. Not to mention remotely turning on the TV camera at will. They did need physical access to the TV to install the malware but as more TV apps get developed, it is conceivable that a malicious app could be downloaded to the TV for the same purpose. They demonstrated how they could capture 30 seconds of buffered mic audio but could have also manipulated more to use internal storage and send the audio files to an awaiting server. NCC engineers wanted to highlight the security shortcomings on the home front of the Internet of Things. Start to get used to no privacy in the privacy of your home.

And last but certainly not least, Thieves steal ID and credit card data with a hug. OK, I'm Hawaiian and we are a bunch of huggers so this is interesting. Apparently a Georgia woman was approached at a gas station by another woman begging for some money so she could put gas in her car. The kind, generous woman gave the crooked lady $20. With a full Oscar nominated performance, the crooked lady wept with joy and wanted to thank the generous one with a hug. Embrace ensued. So touched by the gesture, the man with the crooked lady got out of the car and also wanted to physically thank the Samaritan. The next morning she realized why they wanted to hug her when she discovered that $3000 was gone from her bank account. $2400 from a grocery store and another $200 plus from ATMs. The thieves got close so they could scan her for RFID enabled cards. She had her credit cards in her front pocket and was scanned during the not so loving embrace. Well that sucks. The cool thing is that the woman is not jaded and will continue to help others. Nice.

And to those I know: If we typically hug when we see each other, I promise won't be scanning your pockets.

ps

Related

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

Wednesday, May 7, 2014

The Reach of a Breach

It comes as no surprise that the CEO of Target has resigned in the wake of their massive data breach. The 2nd executive, if I remember correctly, to resign due to the mishap. Data breaches are costly according to the most recent Ponemon 2014 Cost of Data Breach Study: United States and the main reason for the steep increase in costs is 'the loss of customers following the data breach due to additional expenses required to preserve the organization's brand and reputation.' The cost of each lost or stolen record, on average, increased from $188 to $201 per record from 2012 to 2013 - a 9% increase.

But that's not all, In 2013, there appeared to be 'an abnormal churn rate' of 15% of customers abandoning companies, especially those in financial services, hit by a breach says Ponemon. I'm always curious about that. I usually avoid stores that have been recently compromised wondering if something is lingering yet think, they gotta be on high alert, especially with law enforcement involved. Maybe it's as safe as it ever will be.

A recent Courion survey of IT security executives showed that 78% of respondents say they're anxious about the possibility of a data breach at their organization. If there were a massive security breach at these companies, 58.8% said 'protecting the privacy of our customers' would be top priority and 62.7% would lament about 'negative publicity affecting the company brand' due to the breach. Maybe that's the problem. They're more worried about their image than they are of protecting our info. It's the 58.8% you want to shop at.

Reaching for more, Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a big change in cybercriminal habits, revealing the bad guys are plotting for months before pulling off the huge heists – instead of popping quick hits with smaller bounty. One big is worth fifty small. In 2013, there was a 62% uptick in the number of data breaches exposing more than 552 million identities. That's about 10% of the planet's population, give-or-take.

And finally, there have been a few companies that have gone out of business due to a leakage but a few months ago a data breach also closed some Seattle area Catholic schools. According to the Seattle Archdiocese, at least three Roman Catholic parishes and the Archdiocese’s chancery offices had been targeted by a tax-fraud scheme. In order to allow those who were victims time to contact the appropriate institutions during school hours, they cancelled classes. How's that for reach.

ps

Related:

 

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]