Samy Kamkar hacks IoT security camera to show exploitable dangers to enterprise

ForeScout Technologies released an “IoT Enterprise Risk Report” (pdf) which identified seven IoT devices that can be hacked in as little as three minutes: IP-connected security systems, smart HVACs and energy meters, VoIP phones, connected printers, video conferencing systems, smart light bulbs and smart refrigerators. Although the hack might only take a few minutes to pull off, it might take weeks to find and fix.Other “key findings” of the report include: Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack. Cybercriminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment. With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls. Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat critical infrastructure and ultimately cause physical damage. Potential scenarios for after an IoT device is hacked include using compromised smart video conferencing systems for spying via camera and microphone, disabling security cameras to allow physical break-ins, snooping on calls via VoIP phones and snagging private company Continue reading

Samy Kamkar hacks IoT security camera to show exploitable dangers to enterprise

ForeScout Technologies released an “IoT Enterprise Risk Report” (pdf) which identified seven IoT devices that can be hacked in as little as three minutes: IP-connected security systems, smart HVACs and energy meters, VoIP phones, connected printers, video conferencing systems, smart light bulbs and smart refrigerators. Although the hack might only take a few minutes to pull off, it might take weeks to find and fix.Other “key findings” of the report include: Should any of these devices become infected, hackers can plant backdoors to create and launch an automated IoT botnet DDoS attack. Cybercriminals can leverage jamming or spoofing techniques to hack smart enterprise security systems, enabling them to control motion sensors, locks and surveillance equipment. With VoIP phones, exploiting configuration settings to evade authentication can open opportunities for snooping and recording of calls. Via connected HVAC systems and energy meters, hackers can force critical rooms (e.g. server rooms) to overheat critical infrastructure and ultimately cause physical damage. Potential scenarios for after an IoT device is hacked include using compromised smart video conferencing systems for spying via camera and microphone, disabling security cameras to allow physical break-ins, snooping on calls via VoIP phones and snagging private company Continue reading

Cybersecurity Isn’t Always a “Boardroom Issue”

We’ve all heard or read the rhetoric that “cybersecurity has become a boardroom issue.”  I certainly agree that we are trending in this direction but is this true today or nothing more than marketing hype?ESG recently published a new research report in collaboration with the Information Systems Security Association (ISSA) titled, The State of Cyber Security Professional Careers, to ask a number of questions and truly capture the voice of cybersecurity professionals. As part of this project, cybersecurity professionals were asked if their CISO’s (or similar role) participation with executive management (i.e. CEO, board of directors, etc.) was at an adequate level.  Just over (56%) half answered “yes,” but 16% thought the level of CISO participation with executive management should increase somewhat while another 12% believe that the CISO’s level of participation with executive management should increase significantly.  The remaining 16% responded, “don’t know” (note: I am an ESG employee).   To read this article in full or to leave a comment, please click here

Cybersecurity Isn’t Always a “Boardroom Issue”

We’ve all heard or read the rhetoric that “cybersecurity has become a boardroom issue.”  I certainly agree that we are trending in this direction but is this true today or nothing more than marketing hype?ESG recently published a new research report in collaboration with the Information Systems Security Association (ISSA) titled, The State of Cyber Security Professional Careers, to ask a number of questions and truly capture the voice of cybersecurity professionals. As part of this project, cybersecurity professionals were asked if their CISO’s (or similar role) participation with executive management (i.e. CEO, board of directors, etc.) was at an adequate level.  Just over (56%) half answered “yes,” but 16% thought the level of CISO participation with executive management should increase somewhat while another 12% believe that the CISO’s level of participation with executive management should increase significantly.  The remaining 16% responded, “don’t know” (note: I am an ESG employee).   To read this article in full or to leave a comment, please click here

Issuing Junos Commands Using Ansible raw Module

If you want to issue something quick on a lot of devices, you don’t need to write a whole Ansible playbook to do that.  In fact you don’t really need the Junos module installed.

Ansible expects there to be Python on the managed device.  As you can read in this PacketPushers blog, it pushes the module out to the device and tries to execute it there.  Junos is going to get on-box Python at some point, but right now that’s roadmap (or SOPD if you must).

Suppose you want to find out what version of software you have on a your lab device, here’s a quick way to do that.

$ ansible 192.168.30.20 -m raw -a "show version" -u username -k
SSH password:
192.168.30.20 | SUCCESS | rc=0 >>
fpc0:
--------------------------------------------------------------------
Model: ex2200-24t-4g
JUNOS Base OS boot [12.3R12.4]
JUNOS Base OS Software Suite [12.3R12.4]
JUNOS Kernel Software Suite [12.3R12.4]
JUNOS Crypto Software Suite [12.3R12.4]
JUNOS Online Documentation [12.3R12.4]
JUNOS Enterprise Software Suite [12.3R12.4]
JUNOS Packet Forwarding Engine Enterprise Software Suite [12.3R12.4]
JUNOS Routing Software Suite [12.3R12.4]
JUNOS Web Management  Continue reading

39% off Behringer Xenyx 802 Premium 8-Input 2-Bus Mixer, for Podcasting or Musicians – Deal Alert

This premium 8 input 2 bus mixer lets you mix multiple audio sources in real time, and output them to you computer, making it ideal for podcasting, live music, and more. Take your podcast to the next level by taking calls over Skype. Studio grade compressors let you mix vocals and instrumentals with professional grade sound. Good for a live show at a coffee shop, a kareoke party, even a simple public announcement and everything in between. The combinations are endless and the built-in studio-grade, phantom-powered XENYX Mic Preamps and ultra-musical “British” channel EQ will make even the simplest setup sound great. Comes with free audio recording, editing and podcasting software plus 150 instrument/effect plug-ins downloadable. This #1 Amazon best seller averages 4.5 out of 5 stars from over 600 people (read reviews) and its list price of $97.99 is currently discounted 39% to just $59.81. To read this article in full or to leave a comment, please click here

How Cloudflare’s Architecture Allows Us to Scale to Stop the Largest Attacks

The last few weeks have seen several high-profile outages in legacy DNS and DDoS-mitigation services due to large scale attacks. Cloudflare's customers have, understandably, asked how we are positioned to handle similar attacks.

While there are limits to any service, including Cloudflare, we are well architected to withstand these recent attacks and continue to scale to stop the larger attacks that will inevitably come. We are, multiple times per day, mitigating the very botnets that have been in the news. Based on the attack data that has been released publicly, and what has been shared with us privately, we have been successfully mitigating attacks of a similar scale and type without customer outages.

I thought it was a good time to talk about how Cloudflare's architecture is different than most legacy DNS and DDoS-mitigation services and how that's helped us keep our customers online in the face of these extremely high volume attacks.

Analogy: How Databases Scaled

Before delving into our architecture, it's worth taking a second to think about another analogous technology problem that is better understood: scaling databases. From the mid-1980s, when relational databases started taking off, through the early 2000s the way companies thought of scaling Continue reading

Google Fiber puts expansion plans on hold to review strategy

Google Fiber has paused plans to roll out fiber optic cables across a number of U.S. cities, as the company reevaluates its strategy to presumably use mainly wireless to provide high-speed Internet service.Work on Google Fiber is to continue in in the cities where it has been launched or is under construction, wrote Craig Barratt, senior vice president at Alphabet and CEO of its Access unit, of which Google Fiber is a part. In the “potential Fiber cities” where  Google Fiber was still at the stage of exploratory discussions, the project will pause operations.To read this article in full or to leave a comment, please click here

Google Fiber puts expansion plans on hold to review strategy

Google Fiber has paused plans to roll out fiber optic cables across a number of U.S. cities, as the company reevaluates its strategy to presumably use mainly wireless to provide high-speed Internet service.Work on Google Fiber is to continue in in the cities where it has been launched or is under construction, wrote Craig Barratt, senior vice president at Alphabet and CEO of its Access unit, of which Google Fiber is a part. In the “potential Fiber cities” where  Google Fiber was still at the stage of exploratory discussions, the project will pause operations.To read this article in full or to leave a comment, please click here

10 things Apple’s new Macs could (and should) copy from the PC

What will the next Macs have? Ask a PC Image by Gordon Mah UngAt long last, Apple is expected to unveil new MacBooks and possibly other Mac hardware on Thursday. The usual rumors fly ahead of the event, hinting at everything from long-overdue internal updates to innovative OLED touch strips.To find out just what Apple could (and should) introduce, however, all I had to do was look at what PC makers have already been shipping for months. Who knows—maybe Apple did the same thing. As we eagerly await the coming of the new Macs, check out the features we hope Apple ripped off from PC makers.To read this article in full or to leave a comment, please click here

MySQL face-off: Amazon outscales Google

Many web applications have been built on an open source stack that included MySQL. Despite its limitations, MySQL managed to become the world’s most widely used open source RDBMS. What limitations, you ask? Out of the box, MySQL does not scale all that well and, in particular, cannot handle a lot of simultaneous clients compared to commercial databases.To read this article in full or to leave a comment, please click here(Insider Story)

Flash mobs the latest threat this holiday season

The holiday season rings in more than just higher sales for retailers. There's also more shoplifting and lower profit margins than the rest of the year, according to a report released today. Plus, this year, there's an extra surprise -- flash mobs.Not the dancing, music-playing, watching-a-couple-get-engaged kind of flash mobs. But the kind of flash mobs where a bunch of people all show up at a store at once, pull hats low over their heads, grab everything in sight, and split.Just last week, there was a flash mob at an Apple store in Natick, Mass., that took off with more than $13,000 worth of iPhones in less than a minute.To read this article in full or to leave a comment, please click here

Flash mobs the latest threat this holiday season

The holiday season rings in more than just higher sales for retailers. There's also more shoplifting and lower profit margins than the rest of the year, according to a report released today. Plus, this year, there's an extra surprise -- flash mobs.Not the dancing, music-playing, watching-a-couple-get-engaged kind of flash mobs. But the kind of flash mobs where a bunch of people all show up at a store at once, pull hats low over their heads, grab everything in sight, and split.Just last week, there was a flash mob at an Apple store in Natick, Mass., that took off with more than $13,000 worth of iPhones in less than a minute.To read this article in full or to leave a comment, please click here

Russian criminals’ bank attacks go global

Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next.Criminals stole nearly $44 million directly from Russian banks in the last half of 2015 and the first half of 2016, according to Dmitiry Volkov, co-founder and head of threat intelligence at Moscow-based Group-IB.That was up 292 percent from the same period a year earlier. Direct, targeted attacks against banks now account for 45 percent of all bank-related cybercrime in Russia.To read this article in full or to leave a comment, please click here

Russian criminals’ bank attacks go global

Russian cybercriminals have field tested their attack techniques on local banks, and have now begun taking them global, according to a new report -- and a new breed of mobile attack apps is coming up next.Criminals stole nearly $44 million directly from Russian banks in the last half of 2015 and the first half of 2016, according to Dmitiry Volkov, co-founder and head of threat intelligence at Moscow-based Group-IB.That was up 292 percent from the same period a year earlier. Direct, targeted attacks against banks now account for 45 percent of all bank-related cybercrime in Russia.To read this article in full or to leave a comment, please click here

Cyber after Snowden

Since Edward Snowden leaked classified information from the National Security Agency (NSA) in 2013, the FBI and Apple had a public battle around privacy, Shadow Brokers leaked some of the NSA's hacking tools, and Hal Martin, an ex-NSA contractor was arrested for stealing classified information.To read this article in full or to leave a comment, please click here

1 2,581 2,582 2,583 2,584 2,585 3,853