General

Do you actually need a security product in your car? Part 2: the classical antivirus

I wrote in the first part of this article about Detection, Protection, Remediation and I stopped at the part where we analyze what kind of security products you need in the car of tomorrow.
1) The classical antivirus
We know it to be used mostly for files. But it can do much more than that.
a) Files
There are many files that can enter the car and can cause damage: music, video, updates (binary or data), scripts, configuration files for various subsystems, html and javascript (plain text) for rendering, Java compiled files (especially if you run Android), possibly Adobe Flash (not sure though), possible…


Let the competition for “securing the car” begin!

I didn’t actually want to write such a post, but several press releases drew my attention. So, the competition to protect the car has begun. Big players are now on the hunt for customers. But, when you talk to customers like Daimler, VW, BMW, Nissan and others, the discussions will take a while. I will maintain the list below with technologies I see in categories. Please note that I list here only vendors that actually have a technology that mitigates threats in cars and not just any vendor that talks generically about IoT or embedded solutions. I also exclude solutions which address…


Do you actually need a security product in your car? Part 1: Prevention, Detection, Remediation

Note: This is going to be a somewhat longer article which I will finish in a couple of related posts.
A security product is a program that: Prevents malware from entering the system; Detects if previously unknown malware is running on the system; Remediates the actions of detected malware on the system.
Note that it is not mentioned *how* PDR gets implemented in practice. There are many ways to implement them, and how this gets realized is out of the scope of this article.
Back to our question: Do you actually need a security product in your car?…


What is this Google Trader?

Short story: It is a waste of time and money, possibly even a scam!
Long story: There are lots of ways to lose your money in this world, but here’s one I never thought of before: binary option Web sites. But, what the heck is “binary option trading”? You don’t need to read it all. I marked with Red and Bold the most critical parts. 🙂
From Wikipedia: A binary option is a financial option in which the payoff is either some fixed monetary amount or nothing at all. While binary options are used in a theoretical framework as the building…


To Pentest or not to Pentest: is this really the question?

I wrote before about Pentesting in the article “What is Pentesting, Vulnerability Scanning, which one do you need?”. If you’re a company having web services of any kind or a kind of backend, you are asking yourself if you should only do pentesting or make things right and do the entire risk assessment and threat modeling exercise. Pentesting is like an insurance showing to the external world that your product will not be hacked easily once it is live. The common understanding these days is that pentesting identifies such errors and helps the company to fix them. It might find…


Dramatic change to storage limits in OneDrive!

OneDrive’s only advantages in comparison to Dropbox, GDrive and others were: 15 GB of space (OK, Google offers the same, but for all your data, including photos and email); availability on all types of devices through apps (also non-Microsoft). Now, they reduced the space 3 times! Starting July 27 you get only 5 GBs! I wonder why… Probably due to abuse.
Changes to OneDrive
We want to let you know about some upcoming changes to OneDrive. On July 27, 2016, the amount of storage that comes with OneDrive will change from 15 GB to 5 GB. We are also discontinuing…


The sad status of online advertising … now gets to the real topic

I wrote a few days ago a post about The sad status of online advertising, talking about the practices of Forbes, which forces the reader to disable ad-blockers. Later, in a second post called A new type of fraud: News Scareware, I mentioned Washington Post, which is enforcing the email address of the user in order to allow reading. Now, I have seen the cherry on the top of the cake: Wired.
They request the user to either disable ad-blockers or to pay $1/Week for an ad-free version.
Again, I am not against paying for a magazine. I am against…


A new type of fraud: News Scareware

After posting the article with the ads, I thought that I covered all stupid things that online publications do to force their readers to pay, subscribe or to disable ad blockers. Well, this was not correct… The stupidity goes on… with Washington Post.
They request your email address in order to allow you to read any article. I tried first to add some bogus email address so that I move on. But, these guys take things really seriously. They connect to the SMTP server and try to authenticate if the user exists. If it doesn’t work, you get an…


Cybersecurity vs. Information Security (infosec)

Somebody asked me why I have “IT Security Expert” in my LinkedIn profile and “Sorin Mustaca Cybersecurity” on my company website www.mustaca.com. In order to answer that, I need to clarify the difference between Cybersecurity and Information Security (infosec). I googled a bit because I don’t have too much time and I did find something which is closest to my opinion. See Sources for a list.
Information security (or “InfoSec”) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the…


“Cyber Security” or “Cybersecurity” ?

“Cybersecurity” and “cyber security” are getting more and more mixed usage lately, so much that they are becoming almost as ambiguous as the term “cloud” was a few years back. The challenge information security executives and professionals are faced with is knowing, as the title implies, when and why the term should be used and how it should be presented, as a single word or two. While there isn’t any recognized authority on the subject per se, there are at least some credible sources providing guidance that can help those of us in the industry to decide on…

