Last October, floods of traffic from Internet of Things devices infected by the Mirai worm brought down several high profile internet services, from Level 3 to Dyn to Twitter and Reddit. Read the rest
An excellent excerpt from Aaron Perzanowski and Jason Schultz's The End of Ownership: Personal Property in the Digital Economy on Motherboard explains how Section 1201 of the 1998 Digital Millennium Copyright Act -- which bans tampering with or bypassing DRM, even for legal reasons -- has allowed corporations to design their products so that using them in unapproved ways is an actual felony. Read the rest
It's not just that smart cars' Android apps are sloppily designed and thus horribly insecure; they are also deliberately designed with extremely poor security choices: even if you factory-reset a car after it is sold as used, the original owner can still locate it, honk its horn, and unlock its doors. Read the rest
A university, mercifully left unnamed, blew off complaints from students about its slow network. When the problem became too bad to ignore, their IT team found the culprit thanks to a "sudden big interest in seafood-related domains."
The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to our IoT infrastructure. With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies. While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet. ... botnet spread from device to device by brute forcing default and weak passwords. Once the password was known, the malware had full control of the device and would check in with command infrastructure for updates and change the device’s password – locking us out of the 5,000 systems.
The Internet of Hacked Things strikes again! I'm sure some content filtering and updating passwords will do the trick. Read the rest
Nathan writes, "Wanting a more immediate and responsive way to do something about the outrage a friend and I felt every time we read about the latest assaults on civil liberties, I built an Amazon Dash button that sends $5 to the ACLU every time I press it. Repurposing the technology to do good, not just buy goods." Read the rest
Randal Munroe nails it again in an XKCD installment that expresses the likelihood that your houseguests will be able to connect to your wifi (I confess to having been the "firmware" guide -- but also, having been reminded to do something about my own firmware when other difficult houseguests came to stay). Read the rest
Television anchors on San Diego's CW6 were discussing how a young girl "accidentally" ordered a dollhouse and four pounds of cookies by talking to Amazon's Alexa when one of the anchors said "I love the little girl, saying ‘Alexa ordered me a dollhouse." Oops. From CW6 San Diego:
As soon as (anchor Jim) Patton said that, viewers all over San Diego started complaining their echo devices had tried to order doll houses...
Amazon says shopping settings can be managed via its Alexa app, including turning off voice purchasing and creating a confirmation code before any order.
The company also says any “accidental” physical orders can be returned for free.
Oliver Schmidt led Volkswagen regulatory compliance office from 2014 to Mar 2015, and it was he who issued statements dismissing the initial West Virginia University reports of cheating in the emissions control systems of the company's cars, lying to US regulators and insisting that the systems were merely buggy, and not deliberately designed to get around emissions testing; after the company admitted to the fraud, he appeared before the British Parliament and insisted that the fraud didn't violate EU law. Read the rest
In Cryptomancer, players inhabit a fantasy world populated with elves, dwarves and humans, but they win out by designing and undermining cryptographically secured networks of magical gems that allow different factions to coordinate their actions over distance. Read the rest
The Mirai worm made its way into information security lore in September, when it was identified as the source of the punishing flood of junk traffic launched against Brian Krebs in retaliation for his investigative reporting about a couple of petty Israeli criminals; subsequent analysis showed Mirai to be amateurish and clumsy, and despite this, it went on to infect devices all over the world, gaining virulence as it hybridized with other Internet of Things worms, endangering entire countries, growing by leaps and bounds, helped along by negligent engineering practices at major companies like Sony. Read the rest
If you're one of the 60% of Pebble employees who didn't get a job offer from Fitbit, the company's new owner, you're probably not having a great Christmas season -- but that trepedation is shared by 100% of Pebble customers, who've just learned (via the fine print on an update on the Pebble Kickstarter page) that the company may soon "reduce functionality" on their watches. Read the rest
The unprecedented denial-of-service attacks powered by the Mirai Internet of Things worm have harnessed crappy, no-name CCTVs, PVRs, and routers to launch unstoppable floods of internet noise, but it's not just faceless Chinese businesses that crank out containerloads of vulnerable, defective-by-design gear -- it's also name brands like Sony. Read the rest
The Mirai worm -- first seen attacking security journalist Brian Krebs with 620gbps floods, then taking down Level 3, Dyn and other hardened, well-provisioned internet giants, then spreading to every developed nation on Earth (and being used to take down some of those less-developed nations) despite being revealed as clumsy and amateurish (a situation remedied shortly after by hybridizing it with another IoT worm) -- is now bigger than ever, and you can rent time on it to punish journalists, knock countries offline, or take down chunks of the core internet. Read the rest