ARM Buys Offspark For IoT

ARM has snaffled up Dutch Internet of Things (IoT) company Offspark.

The move is designed to improve ARM’s security credentials for IoT offerings.

Offspark is the creator of PolarSSL, a widely used protocol for IoT security products, and ARM hopes that the combined companies can offer a one-stop shop for IoT developers.

Krisztian Flautner, ARM’s IoT manager, said: “PolarSSL technology is already deployed by the leading IoT players.

“The fact that those same companies also use ARM Cortex processor and software technologies means we are now able to provide a complete bedrock solution for the industry to innovate from.”

The product will be renamed ARM Mbed TLS, but will remain open source, reports Tech Week Europe.

Paul Bakker, CEO of Offspark, added: “Security is the most fundamental aspect in ensuring people trust IoT technology and that is only possible with a truly tailored solution.

“Together, ARM and Offspark can provide security to the edge of any system and we look forward to working with our partners to help them deliver some exciting new projects.”

Developers will be able to license the technology for commercial use as well as embedding it into future ARM products.

Last week the company released the ARM Cortex-A72 processor, a 64-bit effort offering support for Android 5.x Lollipop and incorporating the big.LITTLE architecture that prioritises jobs to different processor cores based on their computational requirements.

A message on the Offspark website indicates that it has been taken down and redirects to ARM.

Source

ARM Develops IoT For Students

ARM has created a course to teach IoT skills to students at University College London (UCL)

The course is designed to encourage graduates in science, technology, engineering and maths (Stem) to seek careers in IT.

The IoT Education Kit will teach students how to use the Mbed IoT operating system to create smartphone apps that control mini-robots or wearable devices.

Students are expected to be interested in building their own IoT business, or joining IoT-focused enterprises like ARM. The course will also try to limit the number of Stem graduates pursuing non-technology careers.

ARM reported statistics from a 2012 study by Oxford Policy and Research revealing how many engineering graduates (36 percent of males, 51 percent of females), technology graduates (44 percent, 53 percent) and computer scientists (64 percent, 66 percent) end up with non-Stem jobs.

The IoT Education Kit will be rolled out by UCL’s Department of Electronics from September 2015, with a week-long module for full-time and continuing professional development students.

The Kit comprises a complete set of teaching materials, Mbed-enabled hardware boards made by Nordic Semiconductor, and software licensed from ARM. A second teaching module for engineering graduates is being developed for 2016.

“Students with strong science and mathematical skills are in demand and we need to make sure they stay in engineering,” said ARM CTO Mike Muller.

“The growth of the IoT gives us a great opportunity to prove to students why our profession is more exciting and sustainable than others.”

UCL professor Izzat Darwazeh also highlighted the importance of Stem skills, saying that “many students are not following through to an engineering career and that is a real risk to our long-term success as a nation of innovators”.

Source

Passwords Continue As The Weakest Link

Passwords aren’t the only failure point in many recent widely publicized intrusions by hackers.

But passwords played a part in the perfect storm of users, service providers and technology failures that can result in epic network disasters.  Password-based security mechanisms — which can be cracked, reset and socially engineered — no longer suffice in the era of cloud computing.

The problem is this: The more complex a password is, the harder it is to guess and the more secure it is. But the more complex a password is, the more likely it is to be written down or otherwise stored in an easily accessible location, and therefore the less secure it is. And the killer corollary: If a password is stolen, its relative simplicity or complexity becomes irrelevant.

Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.

All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”

Source…

Good Technology Updates Security

Good Technology today announced two updates to its mobile security software products across IOS, Android and Windows Phone devices.

Powering mobile security for major enterprises such as Barclays, Sainsbury’s and LOCOG, Good Technology claims the releases are the first of a kind for the industry and address security threats linked to the bring your own device (BYOD) procedures being used in most big companies.

The first update announced by the firm is the addition of what it calls “Appkinetics” to its Good Dynamics line, which aims to solve the problem of secure private corporate data leakage.

“Good’s patented AppKinetics technology builds on the company’s proven ‘containerization’ security model to enable business apps from Good, its Good Dynamics partner independent software vendors (ISV), and internal enterprise developers,” the firm said in a statement.

“This is to securely exchange information within and between applications and create seamless multi-app workflows without compromising security or employees’ privacy and personal experience.”

The firm’s second update is the addition of eight new partnered apps to its Good Dynamics ecosystem covering the areas of business intelligence, collaboration, document editing, document printing, file storage/content management, remote desktop management and mobile application development platforms (MADPs).

This update allows developers to integrate the Good Dynamics technology into apps so that companies can create secure end-to-end workflows of protected, mobile applications to drive business processes.

Good Technology’s EMEA GM Andy Jacques explained, “If you download the standard consumer document editing application you can copy and paste from that from that app into another app.”

He continued, “If you were to open a piece of corporate mission critical data you can copy and paste that and put it onto Hotmail for example.”

Source…

SecureID CRACKED?

An analyst has come up with a technique that clones the secret software token that RSA’s SecurID uses to generate one-time passwords.

Sensepost senior security analyst Behrang Fouladi said that the discovery has important implications for the safekeeping of the tokens. Fouladi demonstrated another way determined attackers could circumvent protections built into SecurID. By reverse engineering software used to manage the cryptographic software tokens on computers running Windows, he found that the secret “seed” was easy for people with control over the machines to locate and copy. He provided step-by-step instructions for others to follow in order to demonstrate how easy it is to create clones that mimic verbatim the output of a targeted SecurID token.

Source…

EMC’s Data Breach Cost $66 Million

Between April and June 2011, EMC spent $66 million handling the fallout from a March cyber attack against its systems, which resulted in the compromise of information relating to the SecurID two-factor authentication sold by EMC’s security division, RSA.

That clean-up figure was disclosed last week during an EMC earnings call, by David Goulden, the company’s chief financial officer. It doesn’t include post-breach expenses from the first quarter, when EMC began investigating the attack, hardening its systems, and working with customers to prevent their being exploited as a result of the attacks.

In spite of the breach, EMC reported strong second-quarter financial results, earning consolidated revenue of $4.85 billion, which is an increase of 20% compared with the same period one year ago. Meanwhile, second-quarter GAAP net income increased by 28% from the same period last year, to reach $546 million. The company saw large growth in its information infrastructure and virtual infrastructure products and services, including quarterly revenue increases of 19% for its information storage group.

Those results led executives to increase their financial outlook for 2011 and predict consolidated revenue in excess of $19.8 billion, which would be a 16% increase from EMC’s 2010 revenues of $17 billion.

Read More….

RSA To Replace SecureID Tokens

In an acknowledgement of the severity of its recent systems breach, RSA Security said Monday that it will replace SecureID tokens for any customer that asks.

Customers have been left to ponder whether or not to trust RSA’s security tokens since March, when the company confirmed that it had been hacked and issued a vague warning to its customers. Then, two weeks ago, government contractor Lockheed Martin was reportedly forced to pull access to its virtual private network after hackers compromised the SecureID technology.

In a letter sent to customers Monday, RSA confirmed that the Lockheed Martin incident was related to SecureID. Information “taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin,” RSA Executive Chairman Art Coviello stated in the letter.

Coviello said the company remains “highly confident in the RSA SecureID product,” but acknowledged that the recent Lockheed Martin attack and general concerns over hacking, “may reduce some customers’ overall risk tolerance.”

Read More…..