Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.
This JSON request instructs the alarm clock on every “alarmSound” event to send a HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk.
By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDOS vulnerability is created.
Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large scale DDOS against a web property.
IoT Security Anti-Patterns
(via 4 Short Links)
A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations.
Konrad Rieck has data-mined the nine top security conferences, compiling a decade-by-decade list of the papers most often cited in the presentations delivered at these events: top of the pile is Random Oracles are Practical: A Paradigm for Designing Efficient Protocols (Sci-Hub mirror), from the 1993 ACM Conference on Computer and Communications Security. Rieck has […]
Packing files into archives like zips, tars, jars, wars, cpios, apks, rars and 7zs is a common way to keep important files and filesystem structures together when sharing them; it's also a source of potentially dangerous malware attacks.
The human eye is a powerful thing, but it’s not so great at seeing in the dark or around tight spaces, which is partially why most of us struggle with unplugging drains, cleaning under the fridge, and other hard-to-reach jobs. This 1080p HD Waterproof WiFi Wireless Endoscopic Camera, however, gives you the flexibility necessary to get […]
Macs are undeniably some of the most versatile computers on the market, but they can do so much more than what their stock apps allow. For those looking to get the most out of their Mac hardware, the Pay What You Want 2018 Super Mac Bundle features 10 of the industry’s top apps, including photo editors and […]
Salesforce has reinvented the way companies manage customer information, close deals, and ultimately drive revenue, so it should come as no surprise that it’s one of the more valuable skills you can list on your resume today. In fact, according to research from Burning Glass, this platform is now the 7th most in-demand software skill, beating out […]