While there’s been plenty of attention focused on possible hacks with vehicles, a group of security researchers recently found vulnerabilities in internet-connected, drive-through car washes. Voting machines are hacked in less than 90 minutes at DEFCON. Is Shodan the world’s scariest search engine? How did HBO get hacked? And Black Duck reports record revenue and record revenue growth for the first half of 2017.
All that and more cybersecurity and open source security news in this week’s edition of Open Source Insight.
via CIO: This drive to meet business needs for innovation has in part led to a surge in the adoption of enterprise-grade open source technology. A 2016 survey by North Bridge & Black Duck on the “Future of Open Source” reported respondents see open source “as an engine for innovation, with 90% reporting they rely on open source for improved efficiency, innovation and interoperability.”
via AutoGuide.com: According to the researchers, hackers are able to remotely take control of car wash systems and physically attack vehicles. They can, for example, open and close the bay doors on a car wash, trapping vehicles inside, or strike them with the doors, damaging them and possibly injuring occupants inside the vehicles.
Black Duck Reports Record Revenues and Revenue Growth As Well As Significant Increase in New Customers for First Half of 2017
via Black Duck Software: The company said new and add-on revenue from subscriptions to Black Duck Hub, its flagship open source security solution, grew by 77 percent in the first half of 2017 and subscription renewal rates for Hub were in the mid-90-percent range.
Black Duck had a 64 percent increase in new customers during 2016, and the company said it nearly matched the 2016 new-customer total in the first half of 2017. Notable customers added to the portfolio since January include HPE, Carbon Black, Exact Group BV, and Copper Leaf.
CEO Lou Shipley said the company expects overall revenue growth for 2017 to exceed 30 percent, up 50 percent from 2016.
via WIRED: Over three days, attendees probed, deconstructed and, yes, even broke the equipment in an effort to understand how it works and how it could be compromised by attackers. Their findings were impressive, but more importantly, they represented a first step toward familiarizing the security community with voting machines and creating momentum for developing necessary defenses.
via New York Times: The National Association of Voting Officials is leading a movement to encourage election officials to stop the purchase of insecure systems and begin to use software based on open-source systems that can guard our votes against manipulation. But there’s resistance to this obvious solution. Microsoft and companies that bob along in its wake don’t want their proprietary voting systems replaced by open-source software balloting systems, and have aggressively lobbied against them.
via GeekWire: IoT insecurity was the biggest theme from this year’s DEF CON and Black Hat conferences. Researchers at both shows gave many talks about IoT security problems, or about hardware and software hacking techniques related to IoT.
via Tech Worm: It is surprising what people have found on Shodan – from traffic lights, security cameras, home automation devices and heating systems to control systems for a water park, a gas station and even command and control systems for nuclear power plants. While its abilities might awe you right now, it also shows how little security is enabled in such devices. A quick search of the term “default password” will direct you to printers, servers and other devices that use “admin” as their username and “1234” as their password. Imagine finding and accessing your own machine in one such search to realize the seriousness of the problem.
via Forbes: In the past two years, companies all over the world spent $157 billion on information security products. For comparison, the total expenses of the state government of New York amounted to $150.7 billion in 2016.
via Digital Trends: Hackers recently absconded with 1.5 terabytes of data from HBO, and have since leaked unaired episodes of Ballers, Room 104, and Game of Thrones. HBO says it has been looking into the hack since it was discovered, but few conclusive details are known. So Digital Trends sought answers; we asked a cybersecurity expert exactly how the HBO hack could have happened.
via Black Duck blog (Rob Hawkins): Minimizing recalls, which overall totaled more than $900M for General Motors (GM) alone in 2016, would be a significant cost saving opportunity. One remedy for software-related recalls is Over the Air (OTA) updates, which would eliminate the need to bring vehicles into dealerships for software updates and allow data-driven improvements to minimize maintenance. According to IHS Markit, OTA updates could save the global automotive industry more than $35B by 2022.

VP of Security Strategy Mike Pittenger presented a webinar on risk-ranking open source vulnerabilities, and how that process can increase security effectiveness while maintaining developers' agility. During the webinar Mike got some great questions that I followed up on to share the answers with you.