IoT Guidelines

The Obama administration has laid down security guidelines for internet-connected devices. The Department of Homeland Security released its own cybersecurity policies, which were separate from the Obama administration guidelines. The Department of Homeland Security summarized them in 6 main points: Incorporate Security at the Design Phase; Advance Security Updates and Vulnerability Management; Build on Proven Security Practices; Prioritize Security Measures According to Potential Impact; Promote Transparency across IoT; and Connect Carefully and Deliberately. This project has mainly been guided by NIST. The policy is being put into place in order to increase public trust in household appliances and devices. FCC commissioners and other higher-ups have said that it is unlikely that the FCC will enact mandatory IoT security standards now. More than likely, though, we will be seeing IoT security standards in the near future. The issue is a bit muddled because it involves so many different government bodies, such as the Office of Management and Budget, the FCC, NIST, and the Department of Homeland Security.

 

Sources: White House Issues Guidelines for IoT Cybersecurity

Strategic Principles for Securing the Internet of Things 2016

 


Yahoo has 500 million users' information breached, may be followed up with SEC investigations


Yahoo received an anonymous tip about a hacker who calls himself Peace, or Peace of Mind, saying that 200 million accounts' information was compromised back in July. He was seen selling the account information of 200 million Yahoo users on the dark web. Yahoo has also been working since July on a deal to sell its main business operations to Verizon. Verizon claims that it knew nothing about a possible breach until this past Thursday, when Yahoo went public with its situation.

The anonymous tip triggered an investigation by Yahoo, which uncovered that 500 million users' information had in fact been compromised since 2014. The information stolen includes names, email addresses, dates of birth, phone numbers, password information and possibly even security question answers, as stated by Yahoo. The hackers received the hashed passwords of all compromised users. The hackers did not receive users' payment card data or bank information, because that information is not stored in the system that the investigation has so far found to be affected, says Yahoo.

Security experts from Symantec who are now looking into the breach suspect it is an attack from a nation state, suggesting Russia. They suspect a nation state because it would practically be the only entity with enough resources both to break the encrypted passwords and to enact anything malicious with that information on the scale that was stolen.

The 4.83 billion deal with Verizon has obviously taken a blow. The SEC is also very likely to follow up with an investigation of Yahoo, to determine whether or not it was withholding information from stockholders and the market.

Not much detailed information has been released on this breach so far. Yahoo has only suggested that its users change their passwords, along with the passwords of other accounts if they tend to use similar or the same password for those accounts.

Sources:

‘Marissa was aware absolutely’: Yahoo chief ‘knew back in July that company was investigating a security breach’ – but only disclosed it to regulators and potential buyer Verizon this week

What Consumers Need to Know About the Yahoo Security Breach

Many Questions Still Unanswered After Yahoo Confirms Massive Data Breach