Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Newest First  |  Oldest First  |  Threaded View
OtherKen
OtherKen,
 User Rank: Author
7/16/2018 | 2:25:10 PM
Re: hi
Paul

Thank you taking time to read my article. You are right that IoT is all about communication between things, people and the data. The challenge is how to manage all this new data and to determine what is important and what is not. I do not beleive we have that figured out yet but I am excited about the future of machine to machine communications and the edge compute architectures that it drives. This combined with 5G should make for an exciting time in tech over the next 10 years. 

Thanks again for the reply.

Ken
RetiredUser
RetiredUser,
 User Rank: Ninja
7/13/2018 | 4:10:36 AM
Real-Time Video/Audio Scanning w/Shape Detection & Adaptive Pattern Recognition
One of the things we see often in suspense thrillers is the "eye in the sky" concept. In fact, IoT is absolutely at the heart of what is possible in terms of securing public and private safety. By putting focus on Internet and Cellular infrastructure to increase bandwidth, accessibility and interoperability, security specialists utilizing specialized software can bring a true sense of real-time security not based on intel (a slow process often taking years to gather, months to analyze and response times to events often too late) but based on shape detection and pattern recognition, for a start, that suggest or conclusively identify risk. Putting AI behind access to real-time video feeds may reveal illegal activities not obvious to the naked eye, or hidden from view to human eyes but captured in cell and camera video feeds or even audio feeds.

Such an infrastructure meets the 1) "safe" and 2) "efficient" criteria. Such technology is no longer just in the hands of the military or agencies like the CIA. One need only scan papers written in 2017 and 2018 on IEEE or Springer, for instance, to see the technology is already here, in some cases in piece-meal spread across different projects and disciplines, but ready to bring together. Often only policies and laws are keeping such a fully realized security system from coming to fruition. However, one element that could be preventing it is the "cost-effective" factor. For, even if privacy laws were adjusted and put into effect to allow such a system to be properly designed and implemented, cost could delay it.  A good portion of that cost would be divided between hardware (of course) and security - yes, such a system would need to be incredibly secure to prevent it from being turned from a safeguard into a weapon.

There are options, of course. One of the early projects I admired related to the "Internet anywhere" idea was FreedomBox. Acting as a wireless access point, you could theoretically plug this in anywhere and give access to anyone to WiFi for free. Imagine a distribution of video/WiFi access point units strategically placed throughout cities and camouflaged such that 90% of the boxes would remain untouched annually. These would then be accessible to AI-driven apps that would scan live video and in real-time perform the functions previously described. Add to that scans of live news broadcasts, Facebook and Instagram live feeds, and so on. Here would be one component of a security infrastructure that could become essential to future public security.

Now, how to solve the myriad privacy concerns that would slow down such a project?
PaulChau
PaulChau,
 User Rank: Strategist
7/12/2018 | 10:59:12 PM
hi
Right now, the most important commodity in the world is the ability for swift and efficient communication. Not just amongst people but amongst things to, and that's why this whole internet of things thing has come about isn't it? I'm sure that people will figure out a way to get better at collecting data from different points in a system and when that happens, you'll be surprised at what we can achieve with everything moving smoothly from process to process.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file