Introduction Have you ever been trying to solve a systemic problem, like users getting infected by malware, and the only advice you get is completely impractical, such as to instruct users to not click on links or open attachments? This seems to be one of the top security recommendations lately, as if the solution was so simple. The good news is that there are some practical solutions out there for nearly every organization.
Financial technology (Fintech) has a long history of innovation, but there have been interesting changes now that Bitcoin has demonstrated the possibility of having a trustworthy system even when dealing with untrusted parties. It has taken Bitcoin quite a few years to earn the level of trust and acceptance it has today, but it serves as an existence proof that this level of trust is both technical and socially possible. This is what the altcoins and other blockchain technologies are banking on.
When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry and the greater business and government communities. Five years later, we have grown into a dynamic and passionate team who strives to make a better, more secure world through the independent research and the services we provide to clients. GRIMM takes deep pride in its dedication to education, innovation and technical problem solving.
Last night, GRIMM attended the 3rd Annual DC Timmy Awards. The Timmy Awards recognize and celebrate the technology work culture that actively promote creativity, innovation, and learning in the DC area. GRIMM was named a finalist leading into the event and we’re thrilled to have been ultimately recognized as the First Runner-Up for Best Tech Work Culture! The evening was filled with energy and camaraderie as companies across the region came together to celebrate the innovative leadership embodied by the greater DC tech community.
One of the reasons I chose to come to GRIMM after leaving federal service earlier this year was because of one of the core principles held by the rest of the GRIMM Leadership team. That is the importance of educating the general public on the inherent cybersecurity risks in nearly everything touched on a daily basis, and of enabling future generations of cybersecurity experts, software developers, and computer engineers to solve these security challenges, as well as those of the future.
Within the context of historical cyber breaches, this can be classified as a massive attack: Equifax, one of the “big three” credit-rating agencies, announced earlier this month thathackers gained access to the Social Security numbers, credit card data, driver’s licenses, home addresses and other personally identifiable information (PII) of up to 143 million Americans. Some two-dozen class-action lawsuits (and counting?) followed, along with stinging criticism from consumer groups and congressional leaders.
GRIMM is excited to be named a finalist in the Best Tech Work Culture category for the DC Timmy Awards. These awards, now in their third year, recognize technology work cultures that actively promote technical creativity, innovation, and learning in the DC area and celebrate the organizations that make innovation possible. Vote for GRIMM here! Sponsored by Tech in Motion, the DC-area business community can vote online through September 8th to help choose who represents the best of DC tech.
Heading into the summer hacker conferences can be overwhelming. Demonstrations, panels and talks across multiple events events as in sames week - DEFCON 25, Black Hat 2017, BSidesLV - combined with all the parties (and meetings) made for an action packed week! With our social calendar full and our demonstrations in tow, the GRIMM team found itself in the spotlight while showcasing some of the most innovative cybersecurity research and intelligence on connected vehicles, IoT, smart homes, smart grids and ICS security up and down the Vegas Strip.
In our spare time, we like to hunt for bugs in various pieces of software. To help teach people this skill, we decided to write up our analysis on some of the crashes we find. The goal is to help people learn how to debug, analyze the problem, determine why it’s happening, and what the impact is. For example, is this just something which will cause the software to crash and merely cause a brief denial of service, or is this a vulnerability which can be exploited to take complete control over the computer?
“Howdy Neighbor” is GRIMM’s Internet of Things (IoT) Capture the Flag (CTF)-like challenge. As smart devices become ubiquitous within the common household, so are threats to these devices. For example, last year, it was reported that researchers could use a smart lightbulb network vulnerability to attack an entire city. Howdy Neighbor is a model smart house that simulates how multiple interactive “smart” home products, including webcams, smoke detectors, power meters, HVAC systems, smart ovens and refrigerators, video game consoles, smart TVs, toasters, coffee makers, locks, and light bulbs (etc.