Internet of Things Candle
There’s a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong?… Continue reading Internet of Things Candle
Collaborate Disseminate
Ten years ago, I wrote an essay: "Security in 2020." Well, it’s finally 2020. I think I did pretty well. Here’s what I said back then: There’s really no such thing as security in the abstract. Security can only be defined in relation to something else. You’re secure from something or against something. In the next 10 years, the traditional… Continue reading Security in 2020: Revisited
It’s a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a… Continue reading Half a Million IoT Device Passwords Published
DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible: In total, our researchers discovered five vulnerabilities of four different kinds: Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g., OTA — over-the-air updates) were stored in a publicly accessible AWS S3 bucket that also lacked TLS encryption… Continue reading Lousy IoT Security
Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board (NTSB) this week. But while… Continue reading NTSB Investigation of Fatal Driverless Car Accident
Long Twitter thread about the tracking embedded in modern digital televisions. The thread references three academic papers…. Continue reading Tracking by Smart TVs
In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors; 1,294 Products; 4,956 Firmware versions; 3,333,411 Binaries analyzed. Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases) […] This dataset contains products such as home routers, enterprise equipment, smart… Continue reading Measuring the Security of IoT Devices
The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it’s becoming very difficult to tell regular watches from smart watches…. Continue reading Smart Watches and Cheating on Tests