The Future of POS – Opportunities – Part 2

By: Alexandre Vasconcelos

Nothing is more of a cliché these days than saying that change happens very quickly in technology, but when it comes to the ecosystem of POS (Point of Sale) solutions there is no escaping it. As stated in the first article of this series (The Future of POS – Weaknesses), security-related issues, such as vulnerabilities and the variety of platforms, are topics that are hard to exhaust; there is always something new. In addition, the much-discussed "card machine war" has taken up a good deal of space in the media, and these devices play a central role (although imperceptible to the non-specialist public) in this market.

Considering the segment, opportunities will arise for:

  1. Hardware
  2. Software
  3. Services

It is difficult to explore all of these segments in a short article; however, it is essential to highlight some points that are already shaping this market, as a technological leap is well under way and soon everyone will be using new technologies without noticing the importance of the change.

As far as hardware is concerned, the opportunities at the moment lie in the exhaustion of existing devices, with cheaper machines with low processing power offering insufficient technology to advance in such a competitive market. Next come the more recent machines, with larger screens and the Android operating system, capable of offering more functionality, such as management applications; however, they are still viscerally tied to a business model that is rapidly becoming outdated. It has to be squeezed to the last drop, since the market will still accommodate this model for a while, but these machines' days are numbered. At this point it is still possible that a new generation of POS devices will appear, seeking to exploit even further what remains of this market before the next level; the bravest will be sailing these dangerous waters. We shall see. And lastly, mPOS (Mobile Point of Sale) devices are arriving like a small wave, which does not have the destructive power of a tsunami, but which, wherever it passes, will shake the market of existing POS machines, wearing down their resistance so as to replace them further ahead, given all their attractiveness and flexibility.

Software is the soul of hardware, and the application market is already a boiling, intensely competitive cauldron in this era of mobility. In this area there will be no shortage of opportunities for those who develop software, offering possibilities that until very recently were only available on desktop computers. It is worth stressing the often neglected role played by software security in this ecosystem, from the operating system to the applications that customers will use day to day. The previous article in this series explores some of these weaknesses that must be taken into consideration. Developing a robust chain, strongly connected through APIs and transaction validators and built on a secure, always up-to-date operating system, will be key to success in this market.

Turning to Services, unique moments like this stimulate the creation of countless opportunities, and in a market as dynamic and fast as this one there is no time to lose. Therefore, given the current scenario, it is clear that its players are strongly pursuing the exhaustion of all business possibilities, such as:

More: http://tiinside.com.br/tiinside/seguranca/artigos-seguranca/14/05/2019/o-futuro-do-pos

Keep it simple, keep it safe—the importance of lean software for secure vehicles

By: Automotive World

Each additional line of code creates new potential for cyber attackers to find a way in to the system. Freddie Holmes finds out how a diet could be in store for automotive software as the industry cracks down on complexity

Many premium vehicles on sale today now contain more software than a commercial aircraft, in some cases exceeding 100 million lines of code. The number of electronic control units (ECUs) in modern cars has soared, bringing swathes of new functionalities to consumers. Worryingly, it has also created opportunities for hackers to tamper with critical driving functions, with potentially dire consequences.

In an effort to reverse the trend, the industry has embarked on a strategy to reduce the number of ECUs within new vehicles and cut back on unnecessary coding. It has seen automakers and suppliers alike place cyber security as a top priority moving forward. Indeed, while California-based Green Hills Software (GHS) has its roots in the aerospace and defence sectors, automotive has quickly become the company’s largest market segment.

Software overload

Software currently dominates the rhetoric within automotive as the introduction of connected and automated features ramps up. ECUs have been added at will to support these technologies, but it has raised concern within the cyber security community. “Some people would say the trend was out of control,” said Joe Fabbre, Director of Platform Solutions at GHS. “In recent years, manufacturers would add another ECU every time a new function was introduced to a vehicle.”

A similar trend can be seen with connectivity. In the cockpit, digital dashes are fast becoming the norm in upmarket models—consider Audi’s Virtual Cockpit and the Peugeot i-Cockpit, for example. “There has been a rush to get systems internet-connected in order to provide additional services. At the same time, self-driving computers have also arrived,” said Fabbre. With a mix of safety-critical and entertainment-focussed software now running alongside each other, vehicles have become increasingly vulnerable. “Not enough thought has been put into the security architecture of the overall system. Luckily, we have not seen any malicious hacks in the wild, but researchers have proven that it is possible to perform remote attacks on these connected computers that now reside in cars.”

More: https://www.automotiveworld.com/articles/keep-it-simple-keep-it-safe-the-importance-of-lean-software-for-secure-vehicles/

Tech firms let Russia hunt for vulnerabilities in software widely used by the US government

By: sikur

by Reuters

January 25, 2018

Major global technology providers SAP, Symantec and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found.

The practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies, U.S. lawmakers and security experts said. It involves more companies and a broader swath of the government than previously reported.

In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers.

But those same products protect some of the most sensitive areas of the U.S. government, including the Pentagon, NASA, the State Department, the FBI and the intelligence community, against hacking by sophisticated cyber adversaries like Russia.

Reuters revealed in October that Hewlett Packard Enterprise software known as ArcSight, used to help secure the Pentagon’s computers, had been reviewed by a Russian military contractor with close ties to Russia’s security services.

Now, a Reuters review of hundreds of U.S. federal procurement documents and Russian regulatory records shows that the potential risks to the U.S. government from Russian source code reviews are more widespread.

Beyond the Pentagon, ArcSight is used in at least seven other agencies, including the Office of the Director of National Intelligence and the State Department’s intelligence unit, the review showed. Additionally, products made by SAP, Symantec and McAfee and reviewed by Russian authorities are used in at least eight agencies. Some agencies use more than one of the four products.

McAfee, SAP, Symantec and Micro Focus, the British firm that now owns ArcSight, all said that any source code reviews were conducted under the software maker’s supervision in secure facilities where the code could not be removed or altered. The process does not compromise product security, they said. Amid growing concerns over the process, Symantec and McAfee no longer allow such reviews and Micro Focus moved to sharply restrict them late last year.

The Pentagon said in a previously unreported letter to Democratic Senator Jeanne Shaheen that source code reviews by Russia and China “may aid such countries in discovering vulnerabilities in those products.”

Reuters has not found any instances where a source code review played a role in a cyberattack, and some security experts say hackers are more likely to find other ways to infiltrate network systems.

But the Pentagon is not alone in expressing concern. Private sector cyber experts, former U.S. security officials and some U.S. tech companies told Reuters that allowing Russia to review the source code may expose unknown vulnerabilities that could be used to undermine U.S. network defenses.

“Even letting people look at source code for a minute is incredibly dangerous,” said Steve Quane, executive vice president for network defense at Trend Micro, which sells TippingPoint security software to the U.S. military.

Worried about those risks to the U.S. government, Trend Micro has refused to allow the Russians to conduct a source code review of TippingPoint, Quane said.

More: https://www-cnbc-com.cdn.ampproject.org/c/s/www.cnbc.com/amp/2018/01/25/tech-firms-let-russia-hunt-for-vulnerabilities-in-software-widely-used-by-the-us-government.html