Sign up for our Technology Newsletter 
Tech Firms Form OTrP To Support IoT Security
Comments Off on Tech Firms Form OTrP To Support IoT Security
A bunch of tech firms including ARM and Symantec have joined forces to create a security protocol designed to protect Internet of Things (IoT) devices.
The group, which also includes Intercede and Solacia, has created The Open Trust Protocol (OTrP) that is now available for download for prototyping and testing from the IETF website.
The OTrP is designed to bring system-level root trust to devices, using secure architecture and trusted code management, akin to how apps on smartphones and tablets that contain sensitive information are kept separate from the main OS.
This will allow IoT manufacturers to incorporate the technology into devices, ensuring that they are protected without having to give full access to a device OS.
Marc Canel, vice president of security systems at ARM, explained that the OTrP will put security and trust at the core of the IoT.
“In an internet-connected world it is imperative to establish trust between all devices and service providers,” he said.
“Operators need to trust devices their systems interact with and OTrP achieves this in a simple way. It brings e-commerce trust architectures together with a high-level protocol that can be easily integrated with any existing platform.”
Brian Witten, senior director of IoT security at Symantec, echoed this sentiment. “The IoT and smart mobile technologies are moving into a range of diverse applications and it is important to create an open protocol to ease and accelerate adoption of hardware-backed security that is designed to protect onboard encryption keys,” he said.
The next stage is for the OTrP to be further developed by a standards-defining organisation after feedback from the wider technology community, so that it can become a fully interoperable standard suitable for mass adoption.
Courtesy-TheInq
Adobe Reader Security Issue Found
McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.
“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”
The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).
McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.
This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).
McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.
The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.
“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.
“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”
McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.
“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.
Dell & Baidu To Create Mobile Devices
September 10, 2011 by admin
Filed under Smartphones
Comments Off on Dell & Baidu To Create Mobile Devices
Dell Inc and China’s top search engine Baidu Inc plan to join forces and develop tablet computers and mobile phones, targeting the Chinese market dominated by Apple Inc and Lenovo.
China is one of the fastest growing markets for tablets and is home to more than 900 million cell phone subscribers, but analysts were skeptical that the partnership would knock Apple from its dominant perch in the market.
“I suspect this is just Dell, who has a lot of problems on the mobile and tablet front, grasping at straws to get any kind of publicity that it can to make its product more attractive,” said Michael Clendenin, managing director of technology consultancy RedTech Advisors.
“Ultimately in China, I still think it is Apple’s game, still for the iPad and iPhone.”
Dell declined to give a timeline for the launch of the devices, but local media reported on Tuesday, quoting sources, that it may be as early as November.
Baidu launched a new mobile application platform last week and offered a glimpse of its upcoming mobile operating system, which it hopes will serve a growing number of users accessing the Internet from smartphones and tablet computers.
Samsung Sues Apple
April 25, 2011 by admin
Filed under Around The Net
Comments Off on Samsung Sues Apple
In the uber competitive world of mobile device development suing is fast becoming a sport engaged in by all of the titans of technology. Add another lawsuit to the pile as Samsung Electronics hits Apple with lawsuits in three countries alleging infringement of patents on smartphone technologies. Last week Apple sued Samsung for allegedly copying the designs of Apple’s iPad, iPod Touch and iPhone in its Galaxy smartphone and Galaxy Tab tablet PC.
On Thursday, the South Korean electronics maker sued Apple in Seoul alleging five patent infringements, in Tokyo over two alleged infringements and in Manheim, Germany, over three.
“Samsung is responding actively to the legal action taken against us in order to protect our intellectual property and to ensure our continued innovation and growth in the mobile communications business,” the company said in a statement.
According to Samsung, the lawsuits say Apple infringed on patents concerning reducing data transmission errors in WCDMA (Wideband CDMA) mobile networks, tethering mobile phones to PCs so the PC can use the phone’s wireless data connection, and reducing power consumption when transmitting data over HSPA (High Speed Packet Access) networks.
Apple’s lawsuit filed on April 15 in the U.S. says Samsung copied external design features on the iPhone, iPod Touch and iPad. The lawsuit further alleges that Samsung designed application icons for that come close to icons on Apple’s devices.
Adobe Flash Exploited
March 16, 2011 by admin
Filed under Around The Net
Comments Off on Adobe Flash Exploited
Hackers have found a way to exploit Adobe Flash Player by using a zero-day vulnerability by using Microsoft Excel documents that was confirmed by Adobe yesterday. Adobe representatives that they will not be able to patch Flash until next week. Therefore, if you use Flash you are on your own until next week. Read More….