application security

The Enduring Terribleness of Home Router Security Matters to IoT

Last week, home broadband router maker ASUS was the latest vendor to issue an emergency patch for a critical vulnerability in its products. This, after proof-of-concept exploit code was released for the so-called “Inforsvr” vulnerability that affects several ASUS home routers. That vulnerability -if left unpatched – would allow anyone with access to a home- or small business network that used an ASUS broadband router to, essentially, commandeer the device. The “infosvr” feature is typically used for device discovery by the ASUS Wireless Router Device Discovery Utility, but the service also allowed unauthenticated users to execute commands through it using the “root” permissions, according to researcher Friedrich Postelstorfer, who created a proof of concept exploit for the security hole and released it on January 4. The exploit code finally prompted a patch from ASUS on January 13. The company had spent months analyzing the issue and working on a fix. Patch aside, it has been a worrying month for the […]

Continue Reading

The Skinny on IoTivity, the New, Open Source IoT Framework

  In brief: The Open Interconnect Consortium (OIC) introduced a new, open source framework to connect billions of smart devices from a wide variety of vendors. But has the IoT standards horse already left the barn? 

Continue Reading

Android in the Coal Mine: Open Source, Patching and Internet of Things

In brief: Google’s decision not to patch a security hole in versions of Android used by hundreds of millions of consumers is a bad omen for the Internet of Things and will likely push some Android users to alternative versions of the operating system.  

Continue Reading

At Electronics Bash, FTC Chairwoman Calls for Privacy, Security on IoT

  The Wall Street Journal reports on an address that FTC Chairwoman Edith Ramirez gave to the folks out at CES, the Consumer Electronics Show, in Las Vegas. From the report: “Ramirez outlined several concerns including ubiquitous data collection, or the ability of sensors to collect sensitive personal information about consumers all the time and in real time; unexpected uses of consumer data, such using individual energy use patterns to set their homeowners’ insurance rates; and cybersecurity threats. “She also noted opportunities. ‘Whether it’s a remote valet parking assistant, which allows drivers to get out of their cars and remotely guide their empty car to a parking spot; a new fashionable bracelet that allows consumers to check their texts and see reviews of nearby restaurants; or smart glucose meters, which make glucose readings accessible both to those afflicted with diabetes and their doctors, the IoT has the potential to transform […]

Continue Reading

Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections. A Short Primer to Brute-Force Attacks Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts, within a short period of time. Using volumetric single source of attack is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching a source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]

Continue Reading
1 15 16 17 18 19 47