Informations about SSL certificates and networks security
Auto Added by WPeMatico
Andrew Odlyzko’s new essay is worth reading — “Cybersecurity is not very important“: Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure. Yet the world is doing remarkably well overall, and … Read More “An Argument that Cybersecurity Is Basically Okay” »
The Nest home alarm system shipped with a secret microphone, which — according to the company — was only an accidental secret: On Tuesday, a Google spokesperson told Business Insider the company had made an “error.” “The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” … Read More “The Latest in Creepy Spyware” »
Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters. Powered by WPeMatico
The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private … Read More “Security Analysis of the LIFX Smart Light Bulb” »
The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, … Read More “Japanese Government Will Hack Citizens’ IoT Devices” »
Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and … Read More “Hacking Construction Cranes” »
Due to ever-evolving technological advances, manufacturers are connecting consumer goods — from toys to light bulbs to major appliances — to the Internet at breakneck speeds. This is the Internet of Things, and it’s a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon’s Alexa, … Read More “New IoT Security Regulations” »
Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it’s reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn’t store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the … Read More “Consumer Reports Reviews Wireless Home-Security Cameras” »
This seems bad: The F25 software was found to contain a capture replay vulnerability — basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. “These devices use fixed codes that are … Read More “Security Vulnerability in Internet-Connected Construction Cranes” »
IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers’ interests: either by the device manufacturer or by some third party the manufacturer sells the data to. Of course, this data can … Read More “Are the Police Using Smart-Home IoT Devices to Spy on People?” »