Vulnerabilities in Car Washes

Articles about serious vulnerabilities in IoT devices and embedded systems are now dime-a-dozen. This one concerns Internet-connected car washes: A group of security researchers have found vulnerabilities in internet-connected drive-through car washes that would let hackers remotely hijack the systems to physically attack vehicles and their occupants. The vulnerabilities would let an attacker open and close the bay doors on…

Roombas will Spy on You

The company that sells the Roomba autonomous vacuum wants to sell the data about your home that it collects. Some questions: What happens if a Roomba user consents to the data collection and later sells his or her home — especially furnished — and now the buyers of the data have a map of a home that belongs to someone…

Hacking a Segway

The Segway has a mobile app. It is hackable: While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn’t being used for authentication at every level of the system. As a result, Kilbride could send arbitrary commands to the scooter without…

Websites Grabbing User-Form Data Before It’s Submitted

Websites are sending information prematurely: …we discovered NaviStone’s code on sites run by Acurian, Quicken Loans, a continuing education center, a clothing store for plus-sized women, and a host of other retailers. Using Javascript, those sites were transmitting information from people as soon as they typed or auto-filled it into an online form. That way, the company would have it…

Is Continuing to Patch Windows XP a Mistake?

Last week, Microsoft issued a security patch for Windows XP, a 16-year-old operating system that Microsoft officially no longer supports. Last month, Microsoft issued a Windows XP patch for the vulnerability used in WannaCry. Is this a good idea? This 2014 essay argues that it’s not: The zero-day flaw and its exploitation is unfortunate, and Microsoft is likely smarting from…