Our world has always had “script kiddies”, beginner hackers with no real purpose or agenda, using publicly available automated tools for easy attacks. Normally, those attacks are easily found and prevented, but last week they got the equivalent of weapons of mass destruction. For years, the barrier to entry to a career in vulnerability assessments […]Read More AutoSploit: The Collapse of Threat Modeling
I hate IoT. When notifying some manufacturers about vulnerabilities in their devices, we often get a response along the lines of “Version X.YZ of the firmware has a ton of new features, we’ll add it then when it comes out in 8 months!”. That means for 8 months, that vulnerability remains unpatched. Very few people […]Read More The Idiot’s Guide to IoT Security
2017 was one of the worst years on record for data breaches, computer vulnerabilities and malware attacks. Based on the first four days of 2018, those numbers might be eclipsed after security researchers uncovered a few vulnerabilities in virtually all processors made since 1995. The two vulnerabilities are Meltdown, which has been isolated to only […]Read More Beginning 2018 with a Meltdown (F**CKWIT, KAISER, Spectre, etc.)
Tech gifts are awesome. As an engineer, I love getting new gadgets and gizmos to play with, break, and eventually fix. But if someone gets me some mundane object that is internet connected, I’m going to lose my shit. Its a cool concept, instead of a regular bathroom scale, its a machine-learning bathroom scale. It seems appealing […]Read More The Christmas of IoT
A lot of members of the British Houses of Parliament are under fire this week for some pretty terrifying information security practices. And by terrifying I mean that when I first read this I couldn’t believe that someone in a position of power could be so lax with their security. For those that haven’t seen, […]Read More DON’T. SHARE. YOUR. PASSWORDS.
WannaCry caused chaos on thousands of networks, cost billions in damages, and represents a new chapter in cybercrime. 6 months after the attack, system administrators and security specialists still haven’t disabled the archaic software which caused it. Using Shodan I searched for devices which are still running public SMB services at the time of writing. […]Read More 6 months after WannaCry: People never learn
In mid-September, Coinhive created a service which will probably be known as a huge milestone for cryprocurrencies. It allowed websites to insert a small amount of code onto their site which would use idle cycles on the user’s computer to mine for a cryptocurrency called Monero directly within the web browser. The code is written […]Read More Cryptocurrency mining without consent: Drive-by Mining