Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.
This JSON request instructs the alarm clock on every “alarmSound” event to send a HTTP request to the coffee machine. Whilst this may seem a simple and effective way of implementing the Pub/Sub pattern in HTTP, this poses a significant security risk.
By not being able to validate if the receiver of the subscribed message wants the message or not, there is effectively a DDOS vulnerability. An attacker with the ability to set subscriptions on the alarm clock can effectively send HTTP messages to any device or internet property they want. If this is done across enough devices, a DDOS vulnerability is created.
Toast popping out of a toaster or a car driving across a road traffic sensor could be the trigger of a future large scale DDOS against a web property.
IoT Security Anti-Patterns
(via 4 Short Links)
In PrinTracker: Fingerprinting 3D Printers using Commodity Scanners (Scihub mirror), a paper to be presented at the ACM SIGSAC Conference on Computer and Communications Security conference in Toronto this month, a group of U Buffalo and Northeastern researchers present a model for uniquely identifying which 3D printer produced a given manufactured object, which may allow […]
When security researchers report on the ghastly defects in voting machines, the officials who bought these machines say dismiss their concerns by saying that the tamper-evident seals they put around the machines prevent bad guys from gaining access to their internals.
Medtronic (previously) is a notoriously insecure medical implant manufacturer whose devices have been repeatedly shown to be grossly insecure -- their pacemakers can be hacked before leaving the factory!
Speed reading isn’t just an innate skill possessed by a lucky few. Anyone can learn to speed read, and the benefits are endless. The brain can process more information than most people have time to soak up, but you can make that time now with the 2018 Award-Winning Speed Reading Bundle. The first half of […]
Sure, you could use the same old PowerPoint templates for your next business presentation. It’s not like you have bosses or investors to impress. Oh wait, you do? Time to augment that slideshow with Slideshop – the presentation tool that can individualize your pitch while saving you time. Compatible with PowerPoint, Keynote and Google Slides, […]
Multinational companies have used the no-nonsense methodologies of Six Sigma and Lean Six Sigma to oil a smooth-running operation for years. What is it? Six Sigma (and its offshoot, Lean Six Sigma) apply the principles of science to business, teaching managers to methodically target waste, maximize output and streamline the flow from producer to consumer. […]