Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.
This JSON request instructs the alarm clock on every “alarmSound” event to send an HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk.
By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDOS vulnerability is created.
Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large scale DDOS against a web property.
IoT Security Anti-Patterns
(via 4 Short Links)
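The missing check described in the excerpt, sketched as an added example (not code from Cloudflare or from this post): the publisher activates a subscription only after the receiver echoes a random challenge, the same idea as the verification-of-intent step in W3C WebSub. The class and function names, the host allowlist and the in-memory "network" are all assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlparse

class AlarmClock:
    """Publisher that activates a subscription only after the receiver confirms it."""

    def __init__(self, http_get, allowed_hosts):
        self.http_get = http_get          # injected transport: (url, params) -> body or None
        self.allowed_hosts = set(allowed_hosts)
        self.active = {}                  # event name -> set of confirmed callback URLs

    def subscribe(self, event, callback):
        if urlparse(callback).hostname not in self.allowed_hosts:
            return "rejected: host not allowed"
        challenge = secrets.token_urlsafe(16)   # unguessable, so it cannot be echoed blindly
        try:
            body = self.http_get(callback, {"event": event, "challenge": challenge})
        except OSError:
            body = None
        if not isinstance(body, str) or not hmac.compare_digest(
                body.encode(), challenge.encode()):
            return "rejected: receiver did not confirm"
        self.active.setdefault(event, set()).add(callback)
        return "active"

    def targets(self, event):
        return sorted(self.active.get(event, ()))

def fake_network(receivers):
    """Constructed in-memory stand-in for HTTP: callback URL -> handler function."""
    def http_get(url, params):
        if url not in receivers:
            raise OSError("unreachable")
        return receivers[url](params)
    return http_get

def coffee_machine(params):
    # Wants alarmSound events, so it echoes the challenge back.
    return params["challenge"] if params["event"] == "alarmSound" else None

def toaster(params):
    # Never asked for these events; it does not echo the challenge.
    return "unknown request"

def demo():
    clock = AlarmClock(fake_network({"http://coffee.local/hook": coffee_machine,
                                     "http://toaster.local/hook": toaster}),
                       allowed_hosts={"coffee.local", "toaster.local"})
    urls = ["http://coffee.local/hook", "http://toaster.local/hook", "http://victim.example/"]
    return {u: clock.subscribe("alarmSound", u) for u in urls}, clock.targets("alarmSound")
```

Only the receiver that echoed the challenge ends up as an event target; the allowlist additionally keeps the confirmation request itself from being pointed at arbitrary hosts.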