security

Results of the experiment “HTTPS and HSTS for ITSecurityNews.info”

I wrote 4 months ago (Aug 14) about the switch to HTTPS by default on the new site ITSecurityNews.info. A week ago I wrote about the experiment of enhancing the headers of the website to show full compatibility with HSTS. Previous posts: "Experiment started: HTTPS for ITSecurityNews.info", "Moving to HSTS". Now it is too early to say what impact HSTS has on the traffic, but we can have a look at the traffic for HTTPS. Here is the shape: The red vertical line is the point when I switched to HTTPS. There is a 10% increase in September, but…


Cybersecurity Engineering in the Automotive industry

A lot is happening in the Automotive industry these days. It has to do with connectivity, autonomous driving, autonomous parking, and so on. All these have one thing in common: they are producing extremely large amounts of data which need to be processed in the backend by very powerful computers. When we talk about connectivity, we MUST talk about cybersecurity. This is why the Automotive industry has started to take this very seriously: We have the ISO/SAE AWI 21434: Road Vehicles — Cybersecurity engineering, which is in the preparation stage. We have the European Automobile Manufacturers’ Association (ACEA), who have released the “Principles of…


How to browse the web really anonymously

I’ve seen a lot of articles on the web about how to browse the web while keeping your privacy. By that I mean, nobody knows who you are, what you are browsing, no history kept, no temporary files remaining on the machine. Most of the articles on the web are created to advertise some VPN products. What is the solution? I think that the only solution is to use Tor, more specifically, the Tor Browser. The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody…


Lack of security made simple: Casual Insecurity

I am travelling quite a lot because of my job, working with Avira’s customers to integrate their OEM Technologies. For this reason, I am very often in hotels and airports. Almost everywhere these days, I can find free WiFis: wireless networks with free of charge access. We all know that accessing resources through free WiFis is not the best idea, especially if these networks do not have any kind of password set. This is how I think that the Lack of Security is made so simple: offer something everybody needs for free and make that as insecure as possible….


Google Search Console fail over notifications for the WordPress updates

I have quite a lot of WordPress based websites which I run and maintain. One of these is this blog: www.SorinMustaca.com. All my WordPress websites are configured to autoupdate to the latest WordPress update. The same applies to their plugins and themes. Google Search Console (GSC) is a tool I used to better manage the registration of my websites with the search engine and their advertising platform Adsense. Yesterday evening I received a couple of emails, one for each of my websites registered with the GSC. Here is the text: Recommended WordPress update available for http://sorinmustaca.com/ To: Webmaster of…



Not yet worried about vehicle hacking? You should be!

As a matter of fact, it is not only vehicles that can be hacked, actually any IoT device can be hacked. AV-Test.org published this paper about vulnerabilities in the fitness wristbands and Apple Watch, which shows how they tested and how secure the devices are. However, a hack of these IoT devices is not as dangerous as hacking a vehicle. I am not saying that they don’t matter, on the contrary. This is why I am mostly interested in vehicles: hacking can be dangerous and it is, with manufacturer’s permission at least, to improve their security. According to the RSA…


BMW and cybersecurity

Not a month passes without seeing some major car manufacturer that has cybersecurity issues. This month we have seen made public a report from February 2016 related to BMW. The short story: The BMW ConnectedDrive Web portal was found to contain a vulnerability that could result in a compromise of registered or valid vehicle identification numbers, Vulnerability Lab warns. The security bug, affecting the BMW ConnectedDrive online service web-application, is a VIN (Vehicle Identification Number) session vulnerability, security researcher Benjamin Kunz Mejri reveals. VIN, also known as chassis number, is a unique code used in the automotive industry to…


Do you actually need a security product in your car? Part 3: Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we will discuss: 2) Intrusion detection and prevention systems (IDS/IPS or IDPS). From Wikipedia: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are,…


Do you actually need a security product in your car? Part 2: the classical antivirus

I wrote in the first part of this article about Detection, Protection, Remediation and I stopped at the part where we analyze what kind of security products you need in the car of tomorrow. 1) The classical antivirus. We know it to be used mostly for files. But it can do much more than that. a) Files: There are many files that can enter the car and can cause damage: music; video; updates (binary or data); scripts; configuration files for various subsystems; html and javascript (plain text) for rendering; Java compiled files (especially if you run Android); possibly Adobe Flash (not sure though); possible…

