Breaking News
Comments
You must login to participate in this chat. Please login.

Moving on to Part IV...

Rookie

Better late than never

 

Rookie

Catching up -- again.

Rookie

Beter late, than never

Rookie

hello all from Edmonton, Alberta. Late again today, glad to have the archive available.

Rookie

I will continue to be here for a while if anyone else has questions

Blogger

@brianBailey,

 I have no idea. That is a big issue many open source software folks need to tackle. I have to go now though, great talk! See you tomorrow.

Blogger

And yes - semiconductor companies have to worry about this as well. How do they know that IP they purchase doesn't have backdoors in, or that a developer has not placed weakness in a design on purpose. Attacks from within again.

Blogger

How do we change that thinking? Open source is the only way forward on many of these issues. No company can contain the same level of expertise as working in these communities.

Blogger

@brianBailey, it is ironic, but it is also extremely common in many businesses. The lack of accountability = lack of security in their eyes.

Blogger

It is ironic that open source is not trusted when it has so many eyes looking at it, and yet they will trust internally developed software that could have people putting back doors in which would remain hidden.

 

Blogger

Oh yeah, in your security seminar, please include some time looking at http://www.shodanhq.com

 

Rookie

And I bet that is a trust issues. Lawyers never trust anyone even though they are often the least trustworthy.

Blogger

i am involved with data protection layer

Rookie

@J321784, I can't make that happen but I can pass along the idea to those who can.

Blogger

@brianBailey, governement requires software of certain specifications, and often requests specific vendors. Many companies have policies in place blocking open source out of fear of back doors. There's a perceived lack of accountability or security on the creation side.

Blogger

Thanks guys!  I have to head out.

As for not allowing Open Source, it's often more a legal issue than a technical one.  Laywers!  :-)

Rookie

Thanks all and good day.

Rookie

CalebKraft: Could we get a security-specific course with Brian created?

Rookie

Interesting question Caleb: why would a company not allow open source software?

Blogger

Certianly interested in a security seminar if you host it.  As for open source in our company, it's a long road to get it in use if at all.  Our biggest issue is the rate of mobile adoption and the willingness of people to wait until there's an issue instead of preventing issues.

Rookie

Thanks Brian great presentation.

Rookie

If there are enough of you that would like such a copurse, then we may be able to suggest creation of one.

Blogger

Security is a topic on it's own - I would be interested in that

Rookie

BrainBailey -> Absolutely!

Rookie

All security standards have to be constantly reviewed. The hacker commnity is working hard to exploit any and all weaknesses.

Blogger

Fantastic point: security should not be bolted-on.  Too many times in various types of systems, security is an afterthought.  We no loner have the luxury of designing systems that way.

Rookie

to the listeners:  Have any of you harnessed open source for any security?  Does your company even allow it?

Blogger

Security is a subject that we could have concentrated on for hours. Perhaps it should have its own course? How many of you would be interested in that?

Blogger

2 security issues of late:  Java bug w/ encryption algorithm and resenct SSL bug exposed (i.e. even long-standing security standards are becoming vulnerable w/ time)

Rookie

Very informative - thanks for providing some real-world scenarios of security issues

Rookie

@Brian, can you tell me security concerning to big data? What's big concerns and how to protect?

Thanks Brian, great presentation

Rookie

I am sure ou have 10,000 more questions and I will answer as many as I can.

Blogger

We need most security all days !!

Thank for presentation.

 

Rookie

I was here typing and forgot I muted my microphone!

Blogger

Thanks Brian.  Good info.

Rookie

Thanks Brian for nice presentation

OAuth is a data mining issue for social engineering.  We struggle with it and even getting customers to see that true security does involve some level of inconvience.  It's the same issue as getting people to use strong passwords.

Rookie

Have any of you harnessed open source for security?

Blogger

when the principle developer judges that the standard is no good..you should too!

Rookie

@krhohio, are you having to protect against physical access?

Blogger

I'm involved with the hardware layer...

Rookie

The most common fix is litterally a plastic plug in the update port!

Blogger

Have you seen them? I have. You can often tell by the open port on the bottom

Blogger

I'd like to know more about how intel is implementing this. I'm curious if any of the other big companies are doing similar as well.

Blogger

What are your thoughts on sites like http://www.shodanhq.com

The story behind it is very interesting.  If you devices are not protected, they may show up here!

Rookie

obscurity and geographic localization

@john Matwyshyn, security through obscurity only works for so long!

Blogger

Financial systems - all layers (data encryption and leakage), mobile apps, servers, PCI compliance, device level (secure trusted options for data storage, etc.)

Rookie

I have not addressed any security  issues in designs to date. There haven't been any network connections beyond an immediate wifi without a UI that would give a clue what was on the wifi.

Hardware, Data and Application layers.  Not too concerned with legacy systems.

Rookie

I am at Platform an Software layer.

Rookie

platform protection is a must.

Rookie

For our listeners: Which layers are you most involved with? Hardware? Data? applications? Legacy security?

Blogger

As a side note on slide #7, in the payments space, the device is being tied to the person as part of the two factor authentication/authorization methods.  It's full of issues and headaches!

Rookie

yes, false positives are a big pain

Blogger

For those just joining us, if you don't hear any audio, try refreshing your browser. We've found Firefox and Chrome have the best results.

Blogger

Any considerations for entry points beyond desktop computers/servers? What about sensors?

Blogger

unathorised access is the main thing we worry about

Rookie

Unauthorized access.

Rookie

Security and privacy issues:  unauthorized access, undesireable network traffic (malware, and other)

 

Rookie

What are the biggest security issues you are facing now?

Blogger

Audio is up!!  Here we go Day 3!

Rookie

Well it's actually 'Goodafternoon' from Nigeria

I am ready and hope I get a good transmission today

Theo from Toronto

Rookie

"Good Morning" from Albuquerque...

Rookie

Good morning from CA

Rookie

Are you all ready????

Blogger

Hello, from Doral Fl

 

Rookie

Lets hope it works better for everyone today.

Blogger

keep in mind that if the streaming audio absolutely doesn't work for you, you can listen to the archive in about a minute after we end the stream. We've been told it works fine, even if you were having streaming issues.

Blogger

hello everyone , vishal from india...:)

 

Rookie

Good morning from Calgary, AB

 

Rookie

No but it seems like every large institution cerrtainly has!

Rookie

Hello from Binghamton, NY

Rookie

Good morning - today from Albuquerque.

Rookie

Theo Kowdrysh Hi TAKE THREE

Rookie

Anyone have any security issues?

Blogger

Good morning Brian!

 

Blogger

Good morning everyone.

 

Blogger

Also, be sure to click 'Today's Slide Deck' under Special Educational Materials above right to download the PowerPoint for today's session.

Blogger

The streaming audio player will appear on this web page when the show starts at 12:00 pm  Eastern today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. We've found Firefox and Chrome have the best results. 

Blogger

Good Morning from Sunny Boston!

Rookie

Good morning from Rockwell Automation's Advanced Technology Lab in Mayfield Hts. Ohio.

Rookie

Good morning from Panama City FL.

Rookie

Good Morning from Tennessee

Rookie

I'm very concerned for embedded systems security, particularl for critical infrastructure.

Rookie


Most Recent Comments
Flash Poll
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Engineer's Bookshelf
Caleb Kraft

The Martian: A Delightful Exploration of Math, Mars & Feces
Caleb Kraft
3 comments
To say that Andy Weir's The Martian is an exploration of math, Mars, and feces is a slight simplification. I doubt that the author would have any complaints, though.

The Engineering Life - Around the Web
Caleb Kraft

Surprise TOQ Teardown at EELive!
Caleb Kraft
Post a comment
This year, for EELive! I had a little surprise that I was quite eager to share. Qualcomm had given us a TOQ smart watch in order to award someone a prize. We were given complete freedom to ...

Design Contests & Competitions
Caleb Kraft

Join The Balancing Act With April's Caption Contest
Caleb Kraft
54 comments
Sometimes it can feel like you're really performing in the big tent when presenting your hardware. This month's caption contest exemplifies this wonderfully.

Engineering Investigations
Caleb Kraft

Frankenstein's Fix: The Winners Announced!
Caleb Kraft
8 comments
The Frankenstein's Fix contest for the Tektronix Scope has finally officially come to an end. We had an incredibly amusing live chat earlier today to announce the winners. However, we ...

Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)