Security Experts:

Robert Vamosi

Robert Vamosi, CISSP, an award-winning journalist and analyst who has been covering digital security issues for more than a decade, is a senior analyst for Mocana, a device security startup. He is also the author of When Gadgets Betray Us and a contributing editor at PCWorld, a blogger at Forbes.com, and a former Senior Editor at CNET. He lives in Northern California.

Recent articles by Robert Vamosi

  • Researchers show how personal information could be inadvertently leaked through the use of brain-computer interface (BCI) devices used in high-end gaming consoles.
  • Researchers have found that many implantable medical devices face risks, especially if the user interfaces are designed with convenience in mind rather than security.
  • There's an article on ProPublica dissecting two commonly quoted figures about cybersecurity: $1 Trillion in losses due to cybercrime itself and $388 billion in IP losses for American companies. Both figures, according to the article, are hyperbole to say the least.
  • Just because a car has an antitheft system doesn't mean it won't be stolen. Which begs a question: what good are the antitheft systems if they don't always work?
  • Building on its success with the XBox Kinect, which uses motion to influence the actions of a software program, Microsoft is looking at sound as its next frontier for data entry.
  • Cybercrime is either getting worse or getting better. According to a new report from Microsoft's research team, we simply do not have enough verified data to support either claim. The situation is similar to sex surveys, where exaggeration can skew results.
  • In Australia, local police will be informing businesses and residents that their wireless signal is unprotected and therefore open for criminal activity.
  • With a fleet of new cars using the sophisticated infotainment system they developed with Microsoft, Ford has the need to update those vehicles—for both features and security reasons. But how do you update the software in several thousand cars?
  • The security of device-independent quantum key distribution (QKD) has been deemed ineffective by a team of Canadian researchers, and at least one commercial product already in use for telecommunications is directly affected.
  • State-of-the-art teleconferencing equipment is a must for most organizations today, but few have installed it correctly, according to researchers at Rapid7.
  • At a recent security conference, researchers demonstrated how they could spoof the energy usage reported from the meter to the utility. All of this is because the utility in question misconfigured its SSL.
  • Next year you'll be able to do all your holiday shopping without ever opening a physical wallet—or so Google hopes. The previously announced Google Wallet is comfortably into beta. Google is betting that by 2014 half of all smart phones will ship with compatible NFC chips installed.
  • Unfortunately, there is nothing new or novel against Point of Sale (POS) skimming attacks, only that they continue to happen in the age of smart embedded systems and PCI.
  • Customers recently noticed something odd after their power company installed smart meters in their homes: in some cases other wireless devices stopped working, or behaved erratically.
  • Researchers have come forward with a way to discern the personal TV viewing habits of the home owner simply by measuring the fluctuation in the power or what's known as electromagnetic interference (EMI).
  • Setting aside questions of its pedigree, what might be Duqu's intended target? Researchers at Symantec coyly suggested it is targeting different industries than Stuxnet, but didn't name any. Duqu's pedigree and the intended target remain the subject of much debate.
  • Using parts that cost $10, researchers inserted custom hardware into the Diebold AccuVote TS that could read the touchscreen vote as well as alter the stored information.
  • Many security researchers are using open source Arduino boards for rapid prototyping of tools used in hardware analysis. Vendors who do not test their products before selling them into the field are doomed to be targets of future research and, perhaps, attacks.
  • With more and more mobile malware being directed at Android-based phones, you'd think the carriers and manufacturers would respond quickly to security and software updates to the underlying operating systems. According to a new survey, that doesn't appear to be the case.
  • Protecting Internet connected devices from the start and protecting them at the chip level needs to be a priority. But do we really need a full-scale cyber attack to make that so?
  • Microsoft researchers have proposed a method for Cloud services to operate on sensitive data without exposing it. The idea is to produce encrypted data that can be analyzed. The actual data remains in the control of the owner.
  • Drawing parallels with the SCADA industry, researcher Jay Radcliffe gave a personal account of his experience of having Type 1 diabetes and how various devices he uses to control his diabetes could be manipulated by "evil doers" at this week's Black Hat Conference.
  • Laptop batteries use microcontrollers to tell the lithium battery when it's full and when it needs to be recharged. What's intriguing is that cybercriminals could install malware that would remain on the device no matter how many times you reinstalled the operating system.
  • Add mice and keyboards to the list of USB-based peripherals now suspect in any corporate environment. This is hardware hacking that should be of interest to corporate IT staff, especially if your company or industry is targeted for an attack.
  • One problem with computer security is that some security professionals only see the word "computer." What about peripherals? Commercial printers have been networked for more than 15 years, yet they are constantly out of computer security's watchful eye.