Houseguests, technological literacy, and the goddamned wifi: a single chart

Randal Munroe nails it again in an XKCD installment that expresses the likelihood that your houseguests will be able to connect to your wifi (I confess to having been the "firmware" guide -- but also, having been reminded to do something about my own firmware when other difficult houseguests came to stay). Read the rest

Watercooler won't dispense until it finishes updating Windows

Intel Director of Incident Response Jackie Stokes has captured the entirety of 2017 in a single image: a watercooler that won't dispense water until it has installed a Windows upgrade (caption: "I just wanted some water..."). Read the rest

Your smart meter is very secure (against you) and very insecure (against hackers)

In On Smart Cities, Smart Energy, And Dumb Security -- Netanel Rubin's talk at this year's Chaos Communications Congress -- Rubin presents his findings on the failings in the security of commonly deployed smart meters. Read the rest

The Mirai worm is gnawing its way through the Internet of Things and will not stop

The Mirai worm made its way into information security lore in September, when it was identified as the source of the punishing flood of junk traffic launched against Brian Krebs in retaliation for his investigative reporting about a couple of petty Israeli criminals; subsequent analysis showed Mirai to be amateurish and clumsy, and despite this, it went on to infect devices all over the world, gaining virulence as it hybridized with other Internet of Things worms, endangering entire countries, growing by leaps and bounds, helped along by negligent engineering practices at major companies like Sony. Read the rest

The kickstarted Pebble smartwatch is now a division of Fitbit, so they may "reduce functionality" on all the watches they ever sold

If you're one of the 60% of Pebble employees who didn't get a job offer from Fitbit, the company's new owner, you're probably not having a great Christmas season -- but that trepedation is shared by 100% of Pebble customers, who've just learned (via the fine print on an update on the Pebble Kickstarter page) that the company may soon "reduce functionality" on their watches. Read the rest

Not just crapgadgets: Sony's enterprise CCTV can be easily hacked by IoT worms like Mirai

The unprecedented denial-of-service attacks powered by the Mirai Internet of Things worm have harnessed crappy, no-name CCTVs, PVRs, and routers to launch unstoppable floods of internet noise, but it's not just faceless Chinese businesses that crank out containerloads of vulnerable, defective-by-design gear -- it's also name brands like Sony. Read the rest

Two hackers are selling DDoS attacks from 400,000 IoT devices infected with the Mirai worm

The Mirai worm -- first seen attacking security journalist Brian Krebs with 620gbps floods, then taking down Level 3, Dyn and other hardened, well-provisioned internet giants, then spreading to every developed nation on Earth (and being used to take down some of those less-developed nations) despite being revealed as clumsy and amateurish (a situation remedied shortly after by hybridizing it with another IoT worm) -- is now bigger than ever, and you can rent time on it to punish journalists, knock countries offline, or take down chunks of the core internet. Read the rest

A lightbulb worm could take over every smart light in a city in minutes

Researchers from Dalhousie University (Canada) and the Weizmann Institute of Science (Israel) have published a working paper detailing a proof-of-concept attack on smart lightbulbs that allows them to wirelessly take over the bulbs from up to 400m, write a new operating system to them, and then cause the infected bulbs to spread the attack to all the vulnerable bulbs in reach, until an entire city is infected. Read the rest

Winter Denial of Service attack knocks out heating in Finnish homes

A DDoS attack that incidentally affected the internet connections for at least two housing blocks in Lappeenranta, Finland caused their heating systems to shut down, leaving their residents without heat in subzero weather. Read the rest

Internet of Things botnet threatens to knock the entire country of Liberia offline

The various Mirai botnets, which use "clumsy, amateurish code to take over even more clumsy and amateurish CCTVs, routers, PVRs and other Internet of Things devices, have been responsible for some eye-popping attacks this season: first there was the 620Gbps attack on journalist Brian Krebs (in retaliation for his coverage of a couple of petty Israeli crooks); then there was the infrastructure attack that took out Level 3, Netflix, Twitter, Dyn, and many more of the internet's best-defended services. Read the rest

New, fast-spreading IoT botnet hybridizes two less-effective strains to achieve quick dominance

Linux/IRCTelnet is a new strain of Internet of Things malware that borrows its password-guessing routines from Mirai, the malware that helped take down Paypal, Netflix and Twitter, and adds them to the scanning routines from a newer IoT bot called Bashlight. Read the rest

Sneaky ultrasonic adware makes homes vulnerable to ultrasonic hacking

Earlier this year, companies like Silverpush were outed for sneaking ultrasonic communications channels into peoples' devices, so that advertisers could covertly link different devices to a single user in order to build deeper, more complete surveillance profiles of them. Read the rest

China electronics maker will recall some devices sold in U.S. after massive IoT hack

A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday.

Read the rest

Internet-destroying outages were caused by "amateurish" IoT malware

Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders. Read the rest

In which an English technologist livetweets 11 hours of trying to make tea with a "smart" kettle

Mark Rittman is a "BI, DW & Big Data specialist, Oracle ACE Director" who dabbles in home automation and smart appliances: he spent 11 hilarious hours locked in an epic struggle with a wifi-equipped smart kettle, trying to get it to heat water for a cup of tea, livetweeting the battle. Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

More posts