Today’s Reading (Dec 10, 2019)


Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies

Insurance is a fundamental aspect of business risk management used to spread or mitigate financial risk by transferring it to a third party. Since businesses are now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow, both in size as an industry and in importance as a service.

But there are issues — not least because there is comparatively little actuarial history on which the industry can base its premiums. While there is a century of auto insurance and many centuries of shipping insurance, there is little more than two decades of cyber insurance history. As a result, both insurers and insureds are still unsure about what it is, what it should or can cover, and how much it should cost.

A security researcher has analyzed three hardware-based password vaults and discovered that credentials are stored in plaintext and survive hardware resets. 

The investigation into these three standalone password managers has revealed that, through hardware hacking, it is possible to read data directly from the chips on the board, security researcher Phil Eveleigh explains. 

Eveleigh tested RecZone Password Safe, passwordsFAST, and Royal Vault Password Keeper devices. A passcode is used to secure these devices, and users are also provided with the ability to add in the URL, username, and password for each site. 

“However, one thing I did find consistent across all devices is the keyboard is hard to use and doesn’t encourage strong, complicated passwords,” the researcher explains.

The analysis, Eveleigh says, starts with adding data to the device, then removing the device’s case to access the board and inspect it. 
