
IoT/Smart devices get cybersecurity safety labeling

This has been way too long coming and sorely needed for years on end. Unfortunately, it's only here in the US at the moment. Sponsored by NIST. To date, quite a few companies have already jumped aboard. From the article:

To award a label to a smart device, manufacturers must meet criteria published by the National Institute of Standards and Technology (NIST). These criteria include using strong default passwords, having strong data protection measures, software updates, and incident detection capabilities.

The new program already has quite a lot of participants including Amazon, Best Buy, Carnegie Mellon University, CyLab, Cisco Systems, Connectivity Standards Alliance, Consumer Reports, Consumer Technology Association, Google, Infineon, the Information Technology Industry Council, IoXT, KeySight, LG Electronics U.S.A., Logitech, OpenPolicy, Qorvo, Qualcomm, Samsung Electronics, UL Solutions, Yale and August U.S.

https://www.neowin.net/news/smart-devices-in-the-us-get-cybersecurity-la...

MS Certified Professional : Windows 11 Home/Pro 23H2 x 64 build 22631.2792 / Windows 10 Pro x 64 version 22H2 / build 19045.3758 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.10.10 / Opera GX LVL5 (core: 104.0.4944.70) 64 bit-Early Access w/Norton Chrome Extensions / Android 14 One UI 6.1


Re: IoT/Smart devices get cybersecurity safety labeling

Some well-deserved GOOD news for IoT. Microsoft appears to be taking an extraordinary step ahead with the "Defender for IoT" feature. Here is what Microsoft is saying this will do regarding firmware. Looks like a great start:

The following features are currently available to analyze IoT devices' firmware security:

  • Software Bill of Materials (SBOM): Provides an inventory of open-source packages used to build the firmware, indicating the package version and the corresponding licensing agreements.
  • CVE Analysis: Offers insights into firmware components with publicly known security vulnerabilities and exposures.
  • Binary Hardening Analysis: Identifies binaries compiled without security flags, such as buffer overflow protection, position-independent executables, and other common hardening techniques.
  • SSL Certificate Analysis: Uncovers expired and revoked TLS/SSL certificates within the firmware.
  • Public and Private Key Analysis: Verifies the necessity and authenticity of public and private cryptographic keys found in the firmware.
  • Password Hash Extraction: Ensures that user account password hashes use secure cryptographic algorithms.

https://www.bleepingcomputer.com/news/microsoft/microsoft-previews-defen...

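
The "Binary Hardening Analysis" item in the list above, illustrated as an added example (not Microsoft's implementation and not part of the original post): a minimal Python check that reads ELF64 headers for position independence, a non-executable stack and RELRO, and looks for the stack-protector symbol. The function names and the two sample images are constructed for illustration.

```python
import struct

PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552  # program header types
PF_X, ET_DYN = 0x1, 3

def check_hardening(blob: bytes) -> dict:
    """Report hardening markers of a 64-bit little-endian ELF image."""
    if len(blob) < 64 or blob[:4] != b"\x7fELF" or blob[4] != 2 or blob[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF")
    (e_type,) = struct.unpack_from("<H", blob, 16)
    (e_phoff,) = struct.unpack_from("<Q", blob, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", blob, 54)
    report = {
        # ET_DYN also covers shared libraries, so this means "position independent".
        "pie": e_type == ET_DYN,
        # No PT_GNU_STACK header is treated as unprotected (executable stack possible).
        "nx_stack": False,
        "relro": False,
        # Heuristic: stack-protector builds reference this symbol.
        "stack_canary": b"__stack_chk_fail" in blob,
    }
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 8 > len(blob):
            raise ValueError("truncated program header table")
        p_type, p_flags = struct.unpack_from("<II", blob, off)
        if p_type == PT_GNU_STACK:
            report["nx_stack"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            report["relro"] = True
    return report

def make_elf(e_type: int, phdrs: list, extra: bytes = b"") -> bytes:
    """Build a constructed, headers-only ELF64 image for the demonstration."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0, 64, 0, 0,
                                 64, 56, len(phdrs), 0, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    return header + table + extra

# Constructed samples: a hardened PIE and a legacy fixed-address binary.
HARDENED = make_elf(3, [(PT_GNU_STACK, 0x6), (PT_GNU_RELRO, 0x4)], b"__stack_chk_fail\0")
LEGACY = make_elf(2, [(PT_GNU_STACK, 0x7)])

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        missing = [k for k, ok in check_hardening(image).items() if not ok]
        print(name, "missing:", missing or "none")
```

To audit unpacked firmware, pass each ELF file's bytes to `check_hardening` and list the keys that come back `False`.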