[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
* A major focus of this year’s International Mine Countermeasures Exercise, which began Monday, is to address this concern, which could greatly impact international commerce, the commander of U.S. Naval Forces Central Command Vice Adm. Kevin Donegan told journalists.
* The 9 Box of Controls
* Stanford launches new online courses in computer security
* Untrained guardians: cybersecurity optional in top computer science programs
* European telcos join ETIS cybercrime initiative
* Self-spreading ransomware next computer threat, Cisco Systems says
* UK cyber crime growing exponentially
* Software flaws used in hacking more than double: Report
* Ransomware: Hackers borrow customer-service tactics
* So, you want to be a security pro? Read this first
* How the GDPR could help Europe take the lead for breach notification
* Beazley and Munich Re to offer enterprise-wide cyber protection for the digital assets
* Data Privacy Breaches: Organizing a Data Breach Incident-Response Team
* One New Zero-Day Discovered on Average Every Week in 2015, Twice the Rate of a Year Ago as Advanced Attackers Exploit, Stockpile and Resell High-Value Vulnerabilities
* Cyberwar Incident Response at the Speed of Thought
* Ransomware: Past, Present, and Future
* Managing The Message Before The Breach
* Why IT and Security Staff Need the Time and Budget to Go to Security Conferences
* Bug Bounty Program is becoming more popular in Japan
* WordPress pushes Free HTTPS Encryption for all its blogs
* Microsoft rated 6 of 13 security updates as critical, Badlock bug fix rated important
* Singapore to introduce new Cybersecurity Act next year
* Cyber incidents in mining a complex topic for risk managers, mining product development has not kept pace with needs: Munich Re
* 10 Cybersecurity Twitter Profiles To Watch
* Websites take control of USB devices: Googlers propose WebUSB API
A major focus of this year’s International Mine Countermeasures Exercise, which began Monday, is to address this concern, which could greatly impact international commerce, the commander of U.S. Naval Forces Central Command Vice Adm. Kevin Donegan told journalists.
Pirate attacks in the Gulf of Aden and off the Horn of Africa increased in the past decade to reach a record in 2011, when 237 ships were attacked and the pirates earned about $2 million in ransom for every vessel.
Since then, attacks have significantly decreased as international navies stepped up anti-piracy patrols.
But analysts have warned that pirates are poised to resume attacks with the help of the al Shabab militant group, which controls parts of Somalia and has links with other terrorist groups in the Middle East.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b498c96a10&e=20056c7556
The 9 Box of Controls
concept of control friction.
I’ve developed a simple framework called the 9 Box of Controls, which takes the issue of control friction into account when assessing the value as well as the impact of any control, including information security.
Types of Security Controls
There are three primary types of security controls: prevention, detection and response…
There are also three primary approaches one can take to implement a control: automated, semi-automated, and manual.
However, there is a third dimension to the 9 Box: control friction.
As we know, friction is the force that causes a moving object to slow down when it comes into contact with another object.
Similarly, controls can impose a “drag coefficient” on business velocity—they can slow the user or a business process (just think of the groan issued by PC users when they switch on their machine to complete an urgent task, only to find it indisposed for the next half hour due to an automated Windows Update).
If a business adheres to high-friction controls, the long-term effect can be the generation of systemic business risk.
High-friction controls can hinder business velocity; the organization can lose time to market and the ability to innovate, and over the long term it may even lose market leadership.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4d40cde6c5&e=20056c7556
Stanford launches new online courses in computer security
Stanford recently made several enhancements to the online certificate program, adding a new course called Network Security and updating the Emerging Threats & Defenses course to reflect the latest knowledge.
Network Security addresses one of the most important computer science issues today.
Participants will learn current and trending practices for building reliable and secure code to defend against various attack techniques, harmful viruses and threats.
Participants will learn how to identify operating holes and explore the trends in malware, privacy and security for mobile devices.
In the new and improved Emerging Threats & Defenses course, participants will explore the growing challenges of securing sensitive data, networks and mobile devices, and learn the latest applications to defend against malicious acts.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cca1ec40de&e=20056c7556
Untrained guardians: cybersecurity optional in top computer science programs
A new survey has found that many of the top computer science and engineering programs in U.S. universities give little more than a passing thought to cybersecurity.
Security firm CloudPassage conducted the study and found that the top 10 computer science and engineering programs across the country do not require students to complete a cybersecurity course in order to graduate.
The study looked at 121 programs in total.
The University of Michigan, which ranks number 12 in the country based on the U.S. News & World education report from 2015, is the only institution that requires the completion of a security course for graduation.
The University of Alabama came out looking the best from CloudPassage’s study despite the fact that it does not feature on Business Insider’s or U.S. News & World’s lists.
It requires the completion of at least three cybersecurity classes.
Rochester Institute of Technology and Tuskegee University offer the most security-based electives with 10 each.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bc855e17cd&e=20056c7556
European telcos join ETIS cybercrime initiative
Global telecoms association ETIS has joined forces with Proximus, KPN, Swisscom and A1 Telekom Austria to launch an initiative aimed at professionalising the exchange of cyber threat intelligence among European telecoms providers.
ETIS said a pilot project to enhance the efficiency of the community as well as the quality of the actual threat intelligence shared was recently concluded and will lay the foundation for a more elaborate operational setup, potentially involving over 20 European telecoms operators. “This project allows us to actively and securely exchange cyber threat intelligence, in order to faster detect, prevent and mitigate cyber security incidents,” said ETIS Information Security Working Group chairman Andy De Petter.
The association added that work is underway to expand the new environment, with more telecoms providers such as TDC, Telenor and Deutsche Telekom set to join.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=105bdf6c50&e=20056c7556
Self-spreading ransomware next computer threat, Cisco Systems says
An unusual strain of virus-like hacker software that exploits computer server vulnerabilities – without requiring human interaction – is a leading example of a new generation of “ransomware,” according to a new report by Cisco Systems Inc.
Hackers use such software to target large-scale networks and hold data hostage in exchange for bigger payments.
Such a strain, known as Samas or samsam, hit the MedStar Health Inc. hospital chain last month.
In such attacks, hackers target backup files and records, encrypting them to make them an unreadable gobbledygook of characters.
To regain access, users without additional safe backups who don’t want to lose critical files often pay the ransom, typically $10,000 to $15,000 for an entire network or hundreds to a thousand or so dollars for a single computer.
The ability to demand payment in bitcoin, a difficult-to-trace virtual currency not controlled by any country, was “basically the birth of ransomware” and has helped drive its success since the currency’s introduction in 2009, said Craig Williams, a senior technical leader at Cisco’s Talos security research group.
Last year’s 2,453 reports of ransomware hackings to the FBI totalled a reported loss of $24.1 million, making up nearly one-third of the complaints over the past decade.
They also represented 41 per cent of the $57.6 million in reported losses since 2005.
Such losses are significantly higher than any paid ransoms because companies routinely include remediation costs, lost productivity, legal fees and sometimes even the price of lost data in their estimates.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a944df5178&e=20056c7556
UK cyber crime growing exponentially
Highly skilled cyber criminals are fuelling an exponential growth in online crime in the UK, according to Symantec’s latest Internet Security Threat Report.
The report reveals that the UK ranks as the most targeted nation in the world for spear phishing attacks.
The UK is also the most targeted country in Europe for social media scams, and ranks second only to Germany in Europe for ransomware attacks.
UK industries most targeted by spear phishing attacks are finance and insurance, transport and public utilities, services and manufacturing.
As attackers evolve, Symantec said there are steps businesses can take to protect themselves, such as partnering with a managed security service provider (MSSP) to extend in-house security capabilities.
Businesses can also use advanced threat and adversary intelligence systems to help find indicators of compromise and speed up responses to incidents.
Symantec recommends that businesses implement multi-layered endpoint security, network security, encryption, strong authentication and reputation-based technologies.
It also suggests preparing for the worst by implementing incident management systems and processes to ensure continual improvement in security capability.
Businesses should provide on-going education and training with simulation-based training for all employees, as well as guidelines and procedures for protecting sensitive data on personal and corporate devices.
Finally, Symantec said businesses must regularly assess and drill internal investigation teams.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b941d675a4&e=20056c7556
Software flaws used in hacking more than double: Report
Secret vulnerabilities in computer programs are especially prized by criminal gangs, law enforcement and spies because software vendors have not been warned and so cannot publish fixes.
In 2015, 54 such holes came to light and were deployed by hackers, according to a report published on Monday by the largest security software vendor, Symantec Corp.
That is up dramatically from 24 the year before and 23 the year before that; the next-highest total over the past 10 years was 15 in 2007.
Four of the five most-used zero-day vulnerabilities last year were in Adobe Systems Inc’s Flash software, which can be used as a standalone program or a plug-in for various web browsers, not all of which automatically update with Flash patches.
Symantec said it expected Flash to become less popular as platforms stop supporting it, making it less of a bonanza for hackers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1fbd849caa&e=20056c7556
Ransomware: Hackers borrow customer-service tactics
When hackers set out to extort the US town of Tewksbury, Massachusetts with “ransomware,” they followed up with an FAQ explaining the attack and easy instructions for online payment.
After balking for several days, Tewksbury officials decided that paying the modest ransom of about $600 was better than struggling to unlock its own systems, said police chief Timothy Sheehan.
The total cost of ransomware attacks is hard to quantify.
But the Cyber Threat Alliance, a group of leading cyber security firms, last year estimated that global damages from CryptoWall 3 – among the most popular of dozens of ransomware variants – totaled $325 million in the first nine months of 2015.
Some operations hire underground call centers or email-response groups to walk victims through paying and restoring their data, said Lance James, chief scientist with the cyber-intelligence firm Flashpoint.
Graphic artists and translators craft clear ransom demands and instructions in multiple languages.
They use geolocation to make sure that victims in Italy get the Italian version, said Alex Holden, chief information security officer with Hold Security.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5d183d335d&e=20056c7556
So, you want to be a security pro? Read this first
Still, Combs says, “a security career requires you to have strong chops in various areas.” With continuously changing technology, evolving threats, new regulations and the constant fight for security budget, “you never reach that point where your work is done.” In the ISC2 survey, even though more than three-quarters of respondents said they are satisfied with their current position, the industry experienced a staff turnover rate of almost 20% last year, the highest rate of churn (ISC)2 has ever recorded.
• Follow your passion, not the money
So while the demand – and the dollars – may be an attraction to the security field, it shouldn’t be the only driver.
On the positive side, the security profession is a great place to be part of a community, Bellanger says, especially compared with the software development world. “Security practitioners are an amazing, close-knit community that works well together,” he says.
In some ways, you’ll know if security is for you if you’re the kind of person who has the desire to understand how things work, or how to break – and then – fix them, Combs says. “There are a disproportionate number of artists, musicians, creative people and asymmetrical thinkers who’ve come into field,” he says. “It really comes down to personal desire and an interest in understanding what’s underneath the surface and not accepting things at face value.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b3a2d6688f&e=20056c7556
How the GDPR could help Europe take the lead for breach notification
While the US developed breach notification regulations, different states have different laws.
Three US states have no breach notification provisions.
Conversely, the EU will have a common definition of personal information, rather than the different definitions in the US.
Much in the same way that under-development in telecommunication infrastructure allowed Africa to lead the way in the uptake of mobile and wireless communications, the starting-from-scratch position is exactly what will allow Europe to take the lead on breach notification.
Europe’s GDPR could quickly become the leading example of cross-market standardisation.
As a regulation rather than a directive, the legislation is binding across all 28 member states, without requiring new regulation in each country.
This uniformity – ultimately reducing 28 sets of data protection laws into a single regulation – will make compliance a far easier issue for organisations present in multiple European countries.
A move towards stronger data breach notification requirements is inevitable in the current security climate.
The good news about the GDPR is that once businesses are in compliance, they will be compliant for 28 different markets – making the regulation far less complex and challenging than others we’ve seen.
And if the GDPR proves to be successful, we hope it can serve as a standard for other regions to replicate.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=abed5f0479&e=20056c7556
Beazley and Munich Re to offer enterprise-wide cyber protection for the digital assets
Beazley, a pioneer in data breach response insurance and the largest insurer of cyber liability risks in the Lloyd’s market, has partnered with the Corporate Insurance Partner unit of Munich Re, one of the world’s leading reinsurers, to offer the broadest protection yet for the digital assets and IT infrastructure of the world’s largest companies, according to Munich Re.
Coverage options have been developed in close collaboration with a number of large companies and their brokers.
The needs of such organisations vary widely and cover will be tailored specifically to the exposures of individual clients, providing up to $100m or €100m of protection for a wide range of cyber risks.
Based on the individual needs of clients, coverage can be tailored to include elements for risks such as:
Beazley and Munich Re have seen significant demand for insurance cover of this type and have already bound insurance for multinational clients seeking the broad protection – both in terms of perils covered and financial limits – that their partnership uniquely affords.
Working together in close collaboration with clients, brokers and IT companies, they are able to better understand the specific cyber risk profile of an individual client and develop bespoke solutions accordingly.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a59aff9243&e=20056c7556
Data Privacy Breaches: Organizing a Data Breach Incident-Response Team
This three-part column will focus on preparation to handle a data breach, including organizing an incident-response team, preparing for a government investigation and balancing law enforcement requests with insurance policies requiring breach disclosure.
The key to surviving any crisis is preparation—that is, having an established protocol to steadfastly follow when, not if, chaos emerges.
Schools conduct fire drills to ensure that students know which exits to use in case of danger; banks install covert panic systems to avert robberies and save lives; and the military simulates warfare before entering combat.
Massachusetts mandates the most stringent and detailed data security requirements for organizations by a state to date.
See 201 Mass. Code Regs. 17.01–05.
That state is the first to require covered organizations to adopt comprehensive written information-security programs incorporating specific security measures.
The regulation has extensive reach, purporting to cover every organization, wherever located, that owns or licenses personal information of Massachusetts residents.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5a2e305c2d&e=20056c7556
One New Zero-Day Discovered on Average Every Week in 2015, Twice the Rate of a Year Ago as Advanced Attackers Exploit, Stockpile and Resell High-Value Vulnerabilities
Symantec Report Reveals a Record Nine Mega-Breaches;
Half a Billion Personal Records Stolen or Lost in 2015;
Crypto-ransomware Attacks Grew by 35 Percent
Over Half a Billion Personal Records Stolen or Lost in 2015
Encryption Now Used as a Cybercriminal Weapon to Hold Companies’ and Individuals’ Critical Data Hostage
Don’t Call Us, We’ll Call You: Cyber Scammers Now Make You Call Them to Hand Over Your Cash
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=121f8cbc7f&e=20056c7556
Cyberwar Incident Response at the Speed of Thought
In the real world, CSOs are playing a cat-and-mouse game that they can win with the right tools applied in the right places. By equipping the right people to take advantage of the asymmetry that they should have at their disposal, the battle can be won against the attackers.
Today everything is all about context: facts are cheap and are actually overwhelming.
You see it in the news all the time: facts wash over us.
The network is the place to instrument for enterprise-wide context.
It is query-able and flexible and available for security personnel to ask questions without having to wonder how they ask questions.
In other words, done right, it lets investigators work at speed without hindrance.
Only then can they take advantage of the natural asymmetry that can exist when you can finally home in on the real threats, validate and prove them and enable faster enterprise-wide response…and then keep getting faster, better and more accurate.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=08ef7ca5df&e=20056c7556
Ransomware: Past, Present, and Future
The rise of ransomware over the past year is an ever growing problem.
Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality.
The problem we face is that every single business that pays to recover their files is directly funding the development of the next generation of ransomware.
As a result of this we’re seeing ransomware evolve at an alarming rate.
In this blog post we explore traits of highly effective strains of self-propagating malware of the past, as well as advances in tools to facilitate lateral movement.
This research is important as we expect adversaries to begin utilizing these capabilities in ransomware going forward.
This blog post focuses on two avenues of thought – that our past is chock full of successful malware, and that successful cyber extortionists will look to the past to create new and evolving threats going forward.
Ransomware as we know it today has a sort of ‘spray and pray’ mentality; they hit as many individual targets as they can as quickly as possible.
Typically, payloads are delivered via exploit kits or mass phishing campaigns.
Recently, a number of scattered ransomware campaigns deliberately targeting enterprise networks have come to light.
We believe that this is a harbinger of what’s to come — a portent for the future of ransomware.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f0fb45e1f9&e=20056c7556
Managing The Message Before The Breach
CISOs should establish an InfoSec program based on a proven framework, such as ISO 27001, COBIT, NIST, or COSO, and develop a clear implementation roadmap.
Using a framework as a best practices guide, CISOs can implement effective internal controls and manage risk.
And by developing a roadmap, CISOs are able to track activities over time, to adjust priorities and make course corrections as needed, and to report progress and status to senior management and the board with confidence.
In order to manage the message before the breach, CISOs must communicate regularly with senior management and do so in business terms.
By explaining threats in the context of business impact, CISOs are able to communicate more effectively with their senior counterparts.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=79046e1455&e=20056c7556
Why IT and Security Staff Need the Time and Budget to Go to Security Conferences
Exposing yourself to keynote presentations and the vendors on the show floor is a great way to stay current.
Additionally, attending specific sessions and rubbing elbows with experts in the field and your own peers is the only true way to stay current with the latest technologies, tools and methodologies necessary to be at the top of your security game.
You don’t have to go to every big security conference every year.
There are local shows that can help fill in the blanks.
Just make sure that you’re attending events periodically and consistently over time.
It’s the only proven way to take your skills up several notches in such a short period and with a relatively small investment.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0297ebb94c&e=20056c7556
Bug Bounty Program is becoming more popular in Japan
Sprout, a cybersecurity firm in Japan, has launched BugBounty.jp, which is the first bug bounty program in Japan designed for Japanese companies.
Officially launched in March 2016, BugBounty.jp runs bug bounty programs for leading companies in Japan like Baidu, gumi and pixiv.
The website is available in English and Japanese, making it easy for white hat hackers around the world to report vulnerabilities in English to Japanese companies running programs on the platform.
Currently BugBounty.jp has more than 100 registered white hat hackers.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=676ed12125&e=20056c7556
WordPress pushes Free HTTPS Encryption for all its blogs
On Friday, WordPress announced that it has partnered with the Let’s Encrypt project in order to offer free HTTPS support for all of its users on WordPress.com blogs.
“Today we are excited to announce free HTTPS for all custom domains hosted on WordPress.com.
This brings the security and performance of modern encryption to every blog and website we host.
Best of all, the changes are automatic — you won’t need to do a thing.” Abrahamson wrote in a blog post.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2fe601f56b&e=20056c7556
Microsoft rated 6 of 13 security updates as critical, Badlock bug fix rated important
Microsoft released 13 security updates, including patches for zero-days.
The patch for the Badlock bug is among those rated only as important.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6c134fb103&e=20056c7556
Singapore to introduce new Cybersecurity Act next year
The Act will require operators of Singapore’s critical information infrastructure to take steps to ensure the resilience of those systems and report cybersecurity incidents, the news site said.
It will also give powers to Singapore’s Cybersecurity Agency (CSA), established last year, to manage cyber incidents and raise the standards of cyber security providers, Yaacob told Singapore’s parliament, the Straits Times said.
Spending on cyber security will rise to at least 8% of the Singapore government’s IT budget, the Ministry of Communications and Information (MCI) said in January.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5de0374a01&e=20056c7556
Cyber incidents in mining a complex topic for risk managers, mining product development has not kept pace with needs: Munich Re
Citing Australia as an example, he says the country already has fully automated mines in which heavy-duty trucks, conveyor systems and trains are managed by remote control from thousands of miles away, drilling equipment is automated, heavy-duty trucks and trains running from the mine to the port operate without a driver, and grinding mills are increasingly controlled and serviced by manufacturers in other countries via the Internet.
“If a remote-controlled train derails or a heavy-duty truck falls down an embankment due to data interference, the resultant loss of revenue would be covered,” Becker says. “But if the very same train, heavy-duty truck or grinding mill just stalls, due to data manipulation, and not creating property damage, the resulting loss of revenue would be called ‘Non Damage Business Interruption’ and is not recoverable under traditional property policies.”
Critical cyber scenarios and their impacts differ from company to company, Becker points out, “and can have major implications on balance sheets and financing capabilities, through to dealing with regulators and rating agencies.”
The Mining Insurance Group (MIG) – an unincorporated association formed in early 2014 and whose membership includes insurers, reinsurers, insurance buyers, brokers, risk managers and service providers – is working toward improving co-operation among mining companies, insurance carriers and other stakeholders, Becker notes.
Beyond cyber, other major mining risks are linked to the basic mining principle of “dealing with mother nature,” Becker says, including explosions due to firedamp and climatic conditions, something Canadian miners are facing, at site locations (from arctic to deserts, seas and high altitude), which are very often remote.
The MIG has already achieved its goal to standardize claims handling and is scheduled to release standard wording for policies Apr. 12, he told Canadian Underwriter.
MIG’s Annual General Meeting is set to take place Tuesday morning in San Diego, notes a posting on the group’s website.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=41335264e5&e=20056c7556
10 Cybersecurity Twitter Profiles To Watch
Eugene Kaspersky | @e_kaspersky | 147,098 followers
Brian Krebs | @briankrebs | 132,350 followers
Mikko Hypponen | @mikko | 123,301 followers
SecuriTay (Taylor Swift) | @SwiftOnSecurity | 121,706 followers
Bruce Schneier | @schneierblog | 81,870 followers
Graham Cluley | @gcluley | 44,974 followers
Jack Daniel | @jack_daniel | 34,439 followers
Joshua Corman | @joshcorman | 24,997 followers
Katie Moussouris | @k8em0 | 22,970 followers
Brian Honan | @BrianHonan | 16,957 followers
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0760d8af7d&e=20056c7556
Websites take control of USB devices: Googlers propose WebUSB API
Two Google engineers have drafted a software interface that allows websites to control USB devices.
Reilly Grant and Ken Rockot say their proposed WebUSB API allows hardware developers to configure and control USB devices from webpages, simplifying the process of installing and setting up equipment.
The Googlers note that WebUSB is not intended to be a one-size-fits-all solution for linking up any USB device with any controller.
The API contains origin protections that will restrict the domains a single device can access and where it can receive updates and downloads, a process the developers liken to the CORS (cross origin resource sharing) protections on HTTP data transfers.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8490f8a3db&e=20056c7556