Acreto Iot Security

The universally accepted rule is that the Information Technology (IT) team has the final say on all things technology — right? Not so fast! 

HTTPS is not Security. It's Privacy – and one of six fundamental security imperatives. Listen to the audio article by Acreto to find out more.

Why IoTs have created a security crisis and strained the communications infrastructure along the way. By Acreto IoT Security. 5G is coming! 5G is coming! But in the 4G LTE era where access is lightning fast, what is driving the push for 5G? 4G networks is a technology from the 2000's with one primary intent -- to enable mobile devices to take advantage of apps. In order for the apps, app stores, streaming and other services to be successful, mobile devices need to just plain work. This means they must work transparently, reliably and consistently for users to interface and interact with their apps and content. 4G solved the problem with 2G, which was data unusable, and 3G, that at best was used for email and some browsing in a pinch. To that extent, it has been a resounding success. However, connected devices have seeped into everyday life in a low-key and transparent way. So much so that the prevailing industry mantra is that "IoTs are coming". In reality, IoTs arrived long ago. Today, mobile phon

Why We Did This – Facebook’s New Product: You. In a number of confidential strategy sessions with the Acreto Advisory team, led by Bob Flores, former CTO of the CIA, we set out to identify a number of potential mid to long-term threats that we should monitor. In studying the challenges that come with securing and adopting IoT technologies, and based on the complexities of how they operate and the dependency model that is established sociologically, we realized that Facebook, Google, and other similar tech giants are starved for data points. “It used to be that analysis of large amounts of data was limited to the biological capacity of the person. Computers didn’t used to have the processing power nor the algorithm and data sciences that they do today. Now, that’s not the case. The fact of the matter is that all these social media companies are data-starved. The more data points they have, the more they can absorb. There is no overload capacity for these social giants.” Babak Pasdar, CEO and CTO of Acret

Bloomberg Spy Chip – Bullshit? This is Part 1 of a two-part investigative deep-dive into the accusations of Bloomberg’s recent article, ‘The Big Hack’. Written by Bob Flores, former CTO of the CIA, and Babak Pasdar, CEO of Acreto IoT Security. In a recent blog, Babak Pasdar highlighted a Bloomberg report that claimed China had embedded hardware spy chips on servers from Supermicro. Supermicro provides data-center servers used by many companies from small startups to the likes of Amazon and Apple. Bloomberg claims that the spy chips were discovered by a security auditor hired by Amazon AWS. This audit was part of an acquisition due diligence of Elemental Technologies, a platform specializing in multi-screen video processing. Bloomberg claims that Amazon and Apple are among the organizations impacted by the alleged Chinese spy chip. And one-by-one they have all denied that the story has merit. However, Bloomberg, a model agency in news reporting, has refused to offer any additional information or alternatively

This is Part 2 of a two-part investigative deep-dive into the accusations of Bloomberg’s recent article, ‘The Big Hack’. Written by Bob Flores, former CTO of the CIA, and Babak Pasdar, CEO of Acreto IoT Security. Bloomberg Spy Chip - Bullshit? Part 2 Now let’s break down Bloomberg’s claims further. In the article they present a graphical image of a Supermicro motherboard and strip away components until the spy chip can be seen. The motherboard they present is a Supermicro B1DRi with an AOC-GEH-i4M add-on module. As shown on the Supermicro web site, the B1DRi is designed to host up to two Intel E-2500 v3 slash v4 CPUs and up to 256 Gb of 288 pin DDR4 memory and can be mounted to a sled with its own hard-disks. However it is not a standalone server and needs to be mounted in a Blade Enclosure to function. The enclosure provides power, hosts a network switch and most importantly has a shared IPMI management board plugin. If the spy chip works through the IPMI, how can Bloomberg show the spy chip placed on

Bloomberg made a pointed accusation that Supermicro servers contain Chinese spy chips -- yet offered little evidence. Read Acreto's deep-dive investigation.

Listen to the Audio Article. Acreto investigates Bloomberg's claim that SuperMicro spying hardware was used by the Chinese gov to infiltrate U.S. companies.

Russian Hacker Caught and Convicted: From US With Love. Written by Babak Pasdar, CEO and CTO of Acreto. A little while ago, a client called me in to do a security operations ‘best practices’ education session. They were a dot com site that had recently spun off from one of the major financials. They had not yet laid down their sec ops roots and were still engaged in establishing the fundamentals. They wanted an informal education session to get the entire team on the same page. Their conference room was packed with their security team as well as several people from their operations center, which I had requested. In many instances, the ops team is on the front line and often identifies and conducts the initial steps in handling security incidents. At some point during the session, I started to talk about scammers. One trick that malicious people use is to acquire domain names that are similar to the site they are targeting. Since the client was a financial and their site contained personal information for hund

Your IoTs may as well be Facebook IoTs! Listen to the podcast and learn how your devices deliver data points to their massive analytics machine.

Facebook tracks users and non-users alike, through an extensive data collection, analytics, and advertising platform. Listen to the podcast and learn how.

Facebook tracks a myriad of data on users and non-users alike. Listen to the podcast and learn how they collect data for its massive advertising platform.

The Facebook data empire never stops. Listen to the podcast and learn about the technology behemoth -- made up of 60+ acquisitions and hungry for IoT data.

Facebook's privacy practices are riddled with challenges. Listen to the podcast about the social giant's checkered history with the truth.

It’s important to understand the relationship between the social giant and the increasing momentum of regulations – let’s look at Facebook and GDPR.

Listen to the podcast: Facebook Spyware is now mainstream - get used to it! Learn why IoT - the Internet of Things - is EVERYTHING to Facebook.

The Business of Security vs. Security of Business Written by Babak Pasdar, CEO and CTO of Acreto. The security industry has spent a lot of time over the past 30 years thinking of imaginative ways to put lipstick on today's cybersecurity pig. It's like a one hit wonder band who never adapted, playing the same song and putting on the same show over and over, even though their fans, the industry and the zeitgeist as a whole have evolved and transitioned. We are more distributed and mobile than ever. Yet the security industry remains unevolved, putting on the same show – playing their all-time favorites like “On-Device Security” and their mega-hit “Gateway Security”. Gateway security is an especially nuanced piece with broad range. There’s the firewall, intrusion prevention, VPN gateway, the proxy, url and content filters, and the component that binds them – SIEM. And that’s the consolidated version of a lengthier and more complicated original score. Compute has changed and continues to change dramatically in fro