In this episode of the podcast, host Paul Roberts speaks with Colin O'Flynn, CTO and founder of the firm NewAE about his work to patch shoddy software on his home's electric oven - and the bigger questions about owners rights to fix, tinker with or replace the software that powers their connected stuff.

The post Episode 252: Colin O’Flynn On Hacking An Oven To Make It Stop Lying appeared first on The Security Ledger with Paul F. Roberts.

Host Paul Roberts speaks with Marc Blackmer of ShardSecure about that company’s new approach to protecting data at rest, which relies on fragmenting and scattering data to make it impossible to steal.

The post Spotlight: ShardSecure on Protecting Data At Rest Without Encryption appeared first on The Security Ledger with Paul F. Roberts.

Thirty eight years after it was founded, RSA Security is embarking on what may be its most challenging journey yet: cybersecurity startup. In this Spotlight podcast we're joined by RSA CTO Zulfikar Ramzan about the company's path forward as an independent company.

The post Spotlight Podcast: Dr. Zulfikar Ramzan on RSA’s Next Act: Security Start-Up appeared first on The Security Ledger with Paul F. Roberts.

In this spotlight edition of the podcast, sponsored by Trusted Computing Group* Steve Hanna joins us to talk about TCG's 20th anniversary and how the group is tooling up to confront the challenge of securing billions of Internet of Things devices.

The post Spotlight Podcast: Two Decades On, Trusted Computing Group tackles IoT Insecurity appeared first on The Security Ledger with Paul F. Roberts.

The arrival of functional quantum computers may be closer than you think. I'm joined by Avesta Hojjati, Head of DigiCert Labs and Brian LaMacchia, Distinguished Engineer and Head of the Security and Cryptography Group at Microsoft Research to talk about coming quantum revolution and what it means for security.

The post Podcast Episode 133: Quantum Computing’s Security Challenge and Life After Passwords appeared first on The Security Ledger with Paul F. Roberts.

There’s an epidemic of insecure Internet of Things devices. But why? And what is the shortest path to ending that epidemic? In this Spotlight Edition* of The Security Ledger Podcast, we speak with Deepika Chauhan, the Executive Vice President of Emerging Markets at DigiCert. Her job: forging new paths for the use of public key encryption to secure Internet of Things ecosystems. The Internet of Things is poised for massive growth in the years ahead, as billions of new, connected devices come online including physical infrastructure, medical devices, connected vehicles and – of course – consumer goods like home appliances and wearable tech. Concerns about security and privacy threaten to undermine that growth, however, with polls of consumers and the public revealing deep reservations about the security and trustworthiness of connected devices. Deepika Chauhan knows all about those challenges – and the possible solutions to them. She is the Executive […]

The post Spotlight: Deepika Chauhan of Digicert on the Challenges of Securing the Internet of Things appeared first on The Security Ledger with Paul F. Roberts.

In our latest Security Ledger Podcast we talk about Kaspersky Lab’s Cold War tinged smack down with for NSA analyst Dave Aitel of Immunity Inc. Also: Bruce Schneier weighs in on what has and hasn’t changed in the Trump DOJ’s take on strong encryption, while Josh Corman of PTC tells us that federal rules governing IoT security may be closer than we think. To say the past week has been a tough one for Moscow-based security software firm Kaspersky Lab* is the understatement of this young century. The company, which has been dogged by rumors of connections to Russia’s intelligence agency the FSB, was the subject of a Wall street journal article that fleshed out those rumors. The article, by Gordon Lubold and Shane Harris of the Journal alleged the company’s anti virus software was used by Russian intelligence to help steal classified hacking tools from the NSA. That story was followed […]

The post Kaspersky’s Cold War(e), Unpacking DOJ’s Encryption Talk and regulating IoT appeared first on The Security Ledger with Paul F. Roberts.

Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted,  we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]

The post Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix? appeared first on The Security Ledger with Paul F. Roberts.

In a little more than a week, executives from world’s leading technology firms will gather in San Francisco for the RSA Conference, the cyber security industry’s biggest show in North America. No hacker con, RSA is something akin to corporate speed dating for companies in the security industry. But, like so much else in the technology world, this year’s conference has become mired in controversy stemming from Edward Snowden’s leak of classified documents related to government surveillance. In December, Reuters broke the story that, among the documents leaked by Snowden was evidence that RSA, the security division of EMC and parent company to the conference, accepted a $10m payment from the NSA to implement what turned out to be a vulnerable encryption algorithm as the default option for its BSafe endpoint protection product. RSA, the security division of EMC, has denied the allegations that it accepted the money while knowing that […]

The post Snowden RSA Controversy Just One Of Many Facing Security Industry appeared first on The Security Ledger with Paul F. Roberts.

With the New Year fast approaching, it’s (unofficially) ‘prediction season,’ when everyone worth their salt stares into the crystal ball and tries to imagine what the world will look like 12 months hence. To sort through our 2014 predictions, we called on Mark Stanislav, the chief Security Evangelist at Duo Security. Mark is a seasoned security researcher who has taken an interest in the security of the Internet of Things. Earlier this year, we wrote about research Mark did on the IZON Camera, an IP-enabled home surveillance camera that is sold by big-box retail stores like Best Buy, as well as by the Apple Store. Beneath the IZON’s polished exterior, the IZON was a mess of sloppy coding and poor security implementation, Stanislav discovered. Like many IoT devices, IZON cameras punted security to those responsible for the wireless network that it was deployed on – essentially trusting any connection from […]

The post Prediction: Rough Road Ahead in 2014 For Security and Internet of Things appeared first on The Security Ledger with Paul F. Roberts.