- HP’s IoT Security Research (PDF) — 70% of devices use unencrypted network services, 90% of devices collected at least one piece of personal information, 60% of those that have UIs are vulnerable to things like XSS, 60% didn’t use encryption when downloading software updates, …
- USB Security Flawed From Foundation (Wired) — The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “It goes both ways,” Nohl says. “Nobody can trust anybody.” [...] “In this new way of thinking, you can’t trust a USB just because its storage doesn’t contain a virus. Trust must come from the fact that no one malicious has ever touched it,” says Nohl. “You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. And that’s incompatible with how we use USB devices right now.”
- AdBlock vs AdBlock Plus — short answer: the genuinely open source AdBlock Plus, because AdBlock resiled from being open source, phones home, has misleading changelog entries, …. No longer trustworthy.
ENTRIES TAGGED "hardware"
A closer look at the forces causing demand
Buzzwords in the software industry arise and then die off with startling frequency. Ambiguous terms such as “growth hacker”, “sales engineer” and “rockstar developer” trip a developer’s spidey sense that the person saying them is just handwaving. However, occasionally a new term is created to articulate a programming skill set based on demand due to changes in the software development industry.
In 2013 the search term “full stack developer” took off on Google Trends and began appearing in numerous tech startup job postings. In this term’s case there are several real trends driving developers to invest in learning and identifying as full stack developers.
The usage of the full stack developer term is driven by several larger trends in software development. Read more…
A software company reaches into the physical world with hardware.
PayPal is a software company, but when I met with Josh Bleecher Snyder, director of software engineering at PayPal, it was to talk about hardware. He’s leading the development of Beacon, PayPal’s new hands-free payment platform. At its heart is a finger-size stick that uses Bluetooth Low Energy to connect with mobile phones and confirm identity.
Paypal’s move into hardware extends its software into the physical world — a key idea behind our Solid Conference. What was once a system confined to screens and keyboards is now part of a new set of interactions in brick-and-mortar stores.
Beacon is part of a vast PayPal stack, and Bleecher Snyder’s team solved problems with a blend of hardware and software thinking — writing code in Go that was efficient enough for Beacon’s processor to be underclocked and avoid overheating, and to anticipate attacks on PayPal’s service that might come from compromised hardware. His entire system hews to PayPal’s “don’t be creepy” mantra by quickly and permanently discarding data that isn’t used in transactions. Read more…