In-brief: A year after Mirai, as many as 100,000 devices, globally, may be running some version of the Mirai malware, while countless others are vulnerable to being enlisted in a Mirai-like attack. Worse: these systems may not be patched for “years,” according to the SANS Internet Storm Center.
In-brief: In the latest Security Ledger podcast we talk about pending right to repair laws and their impact on the Internet of Things. Also: Facebook’s Internet Defense Prize went to a better method for spear phishing detection. We talk to a member of the winning team. And, Johannes Ullrich of The Internet Storm Center joins us to talk about a study he did to measure the frequency of attacks on a common IoT device: digital video recorders.
Security Ledger publisher and Editor in Chief Paul Roberts speaks to Leah Figueroa, a Texas-based researcher who warns that colleges and universities – maybe even K-12 school districts – regularly divulge reams of student data to whomever asks, some of it is so-called personally identifying information or PII. Also: Paul talks with Assaf Harel about the future of the “Devil’s Ivy” vulnerability in gSOAP. Will it lead to the next Mirai botnet? Finally, Ashwin Almad of Endgame talks about a new Forrester survey that finds companies struggling to find the people and tools to prevent hacks and data leaks.
In-brief: The Devil’s Ivy vulnerability in the open source gSOAP library is widespread and supposedly trivial to exploit. So why, one month later, haven’t we seen any attacks? Is Devil’s Ivy a dud? ‘Don’t count on it,’ security experts tell us.
In-brief: That’ll be $99, or $150 without the vulnerabilities! A lawsuit in Germany is trying to force stores to come clean about security holes in the products they sell to consumers.
