Your weekly digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: The Dark Web revealed login information for thousands of Comcast customers, even though Comcast claims it has not suffered a breach. The FBI is still stating that the most efficient way to regain control after a ransomware attack is to pay the ransom. Intel has created a ‘tiny smart home’ to demonstrate how a house relying on IoT can actually be secure. A glance at the online forum for experts reveals that a worrying number of developers do not know how to handle encrypted information, and companies are making the mistake of emailing plain text passwords.
Cable giant Comcast announced Monday that 200,000 of its customers will have to reset their login information after a suspected security breach, although the company denies it was hacked. It’s likely that the login information became available when customers accidentally installed malware, or were exposed to phishing or previous major data breaches. It’s still unclear where exactly the data came from, but Comcast insists that its systems did not fall victim to a breach.
FBI spokeswoman Kristen Setera declined to say if FBI officials recommend paying ransom to hackers, as Mr. Bonavolonta stated. She said the agency “works closely with the private sector so that companies make informed decisions in response to malware attacks.” She also said companies can prevent malware infection by using backup and detection systems.
In decades to come, homes will get considerably “smarter,” with control of more of today’s common functions being outsourced to the Internet and often managed remotely — the promise of the so-called Internet of Things. Free said Intel envisions a world where homes talk to cars and neighborhoods, and in turn communicate with a whole city network. “We’ve spent a lot of time thinking about how we can build in security starting with the silicon — the semiconductors — and going up through the software to the cloud,” he said.
A quick glance at Stack Exchange reveals a worrying number of developers who don’t know how to handle encryption or store usernames and passwords securely. Many companies have support practices that put customer data at risk, from technical mistakes like cross-site scripting vulnerabilities or serving login pages insecurely, to poor architectural decisions like blocking password managers or handling password resets badly, including emailing plain text passwords.