Tag: hacking

Is A Nest Botnet In Our Future? A Conversation With IoT Researcher Daniel Buentello

Daniel Buentello is one of the top security researchers out there looking into the security of common, consumer products that are part of the growing “Internet of Things.” Most recently, Buentello has been making the rounds of security cons with a presentation he calls “Weaponizing Your Coffee Pot.” The talk, which Buentello presented at the recent DerbyCon hacker conference in Kentucky and at ToorCon in Seattle in July, was something of a call to arms for security folk to start poking around the growing list of IP-enabled consumer products. Buentello notes that most – including products from large firms like Belkin – are insecure by design and in deployment. As we noted when we wrote about Buentello’s presentation early in October, the interesting stuff here is Daniel’s methodology for reverse engineering the software that runs these commercial developments, which offers something of a blueprint for others to follow. More recently, Buentello turned his gaze to […]

Report: Adobe Data Breach Ten Times Bigger Than First Reported

The huge security breach at software maker Adobe is even bigger than first reported, with more than 150 million credentials stolen, including records on up to 38 million active customers, according to a report by Brian Krebs at the web site Krebsonsecurity.com. Krebs said in a story posted Tuesday that Adobe’s initial estimate of user names and passwords for around three million customers was well short of the actual number taken by hackers who breached the company’s network. Citing a file posted by the website Anonnews.org, Krebs said the actual number of affected Adobe accounts stolen is much larger: 150 million username and hashed password pairs including credentials for 38 million “active” accounts, according to Adobe spokesperson Heather Edell. Edell told Krebs that Adobe has just completed a campaign to contact active users whose user IDs and encrypted passwords were stolen (including this author). Those customers are being encouraged to change […]

Microsoft Tests Glass Competitor. But Do Wearables Threaten Privacy, Social Norms?

Forbes had a really interesting article a couple of days back that posited the huge dislocations caused by wearable technology – including front-on challenges to social norms that are thousands of years in the making and contemporary notions of privacy. The applications for wearable technology like Google Glass are too numerous to mention. Just a few include “heads up” displays for surgeons in the operating room. Teachers (or their students) could benefit from having notes displayed in their field of vision, rather than having to resort to printed notes or the (dreaded) PowerPoint slide. But the devil is in the details of the wearable technology, Forbes argues. Unlike external devices – pagers, mobile phones, smart phones – wearable tech is more intimately connected to ourselves: in constant contact with our bodies and notifying us with vibrations and sounds in ways that may be difficult to ignore, Forbes argues. Indelicately implemented, […]

Zombies Gone, Problems Persist With Emergency Alert System

More than six months after hacked Emergency Alert System (EAS) hardware allowed a phony warning about a zombie uprising to air in several U.S. states, a security consulting company is warning that serious issues persist in software from Monroe Electronics, whose equipment was compromised in the earlier attack. Software updates issued by Monroe to fix security problems with earlier versions of its software have introduced serious, new issues that could once again allow EAS devices to be compromised by a remote hacker, according to a post by Mike Davis, a researcher at the security firm IOActive on Thursday. Patches issued by Monroe Electronics, the Lyndonville, New York firm that is a leading supplier of EAS hardware, do not adequately address problems raised by Davis and others earlier this year, including the use of “bad and predictable” login credentials. Further inspection by Davis turned up other problems that were either missed […]

News Roundup: Plundering The Internet Of Things

There were two interesting pieces on the fast-evolving topic of security and the Internet of Things that are worth reading. The first is a long piece by Bob Violino over at CSO that takes the pulse of the IoT and security question right now. The big picture: it’s early days, but there are some troubling trends. The vast expansion of IP-enabled devices is matched by a lack of security know-how at device makers, Violino writes. And, as the environment of “smart devices” grows, the interactions between those devices become more difficult to anticipate – especially as devices start sharing contextual data and taking actions based on that data. “As machines become autonomous they are able to interact with other machines and make decisions which impact upon the physical world,” notes Andrew Rose, a principal analyst at Forrester Research Inc. in Cambridge, Mass. “But these are coded by […]