Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.
This JSON request instructs the alarm clock on every “alarmSound” event to send a HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk.
By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDOS vulnerability is created.
Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large scale DDOS against a web property.
IoT Security Anti-Patterns
(via 4 Short Links)
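One way to close the gap described in the excerpt, shown as an added example that is not from Cloudflare's primer or the original post: the publisher sends a random challenge to the callback and activates the subscription only if the receiver echoes it back. The class, URLs, message fields and in-memory transport are all constructed for illustration.

```python
import secrets

class Publisher:
    """Alarm-clock side: fires events only at callbacks that opted in."""

    def __init__(self, transport):
        # transport(url, payload) -> reply dict or None; stands in for an HTTP POST
        self.transport = transport
        self.active = {}  # event name -> set of verified callback URLs

    def subscribe(self, event, callback_url):
        """Send a random challenge; activate only if the receiver echoes it."""
        challenge = secrets.token_urlsafe(16)
        reply = self.transport(callback_url, {"mode": "verify", "event": event,
                                              "challenge": challenge})
        if not reply or reply.get("challenge") != challenge:
            return False  # receiver never confirmed: drop the subscription
        self.active.setdefault(event, set()).add(callback_url)
        return True

    def publish(self, event, data):
        """Deliver to verified subscribers only; returns the URLs contacted."""
        sent = []
        for url in sorted(self.active.get(event, ())):
            self.transport(url, {"mode": "event", "event": event, "data": data})
            sent.append(url)
        return sent

# Constructed receivers: one opted in, one never asked for these messages.
def coffee_machine(payload):
    if payload["mode"] == "verify" and payload["event"] == "alarmSound":
        return {"challenge": payload["challenge"]}
    return {}

def unrelated_site(payload):
    return {"status": 404}

ROUTES = {"http://coffee.local/hook": coffee_machine,
          "http://unrelated.example/": unrelated_site}
EVENT_LOG = []  # (url, mode) for every request the publisher sends

def fake_transport(url, payload):
    EVENT_LOG.append((url, payload["mode"]))
    handler = ROUTES.get(url)
    return handler(payload) if handler else None

def demo():
    clock = Publisher(fake_transport)
    results = (clock.subscribe("alarmSound", "http://coffee.local/hook"),
               clock.subscribe("alarmSound", "http://unrelated.example/"))
    return results, clock.publish("alarmSound", {"time": "07:00"})
```

Each subscription attempt still costs the target one verification request, so the subscribe endpoint needs authentication and rate limiting as well.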
Stalkerware -- spyware sold to people as a means of keeping tabs on their romantic partners, kids, employees, etc -- is a dumpster fire of terrible security (compounded by absentee management), sleazy business practices, and gross marketing targeted at abusive men who want to spy on women.
Data from facial recognition scans performed by US Customs and Border Patrol on travelers crossing at an unnamed land border point (an anonymous source says it's a US-Canada crossing) have been stolen by hacker or hackers unknown.
SIM swapping attacks involve tricking or bribing a phone company into assigning someone else's phone number to you; once you have the number, you can intercept SMS-based two-factor authentication messages and use them to take over accounts.