Comments
Internet Of Things Contains Average Of 25 Vulnerabilities Per Device
Newest First  |  Oldest First  |  Threaded View
markoer
50%
50%
markoer,
User Rank: Apprentice
7/30/2014 | 6:06:36 AM
Re: Ok, but....
Thanks a lot, Kelly!
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/29/2014 | 2:43:42 PM
Re: Ok, but....
Here you go: http://fortifyprotect.com/HP_IoT_Research_Study.pdf

The link has now been added to the story, too. Thanks!
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
7/29/2014 | 2:41:22 PM
Re: Ok, but....
Here you go: http://fortifyprotect.com/HP_IoT_Research_Study.pdf

The link has now been added to the story, too. Thanks!
markoer
50%
50%
markoer,
User Rank: Apprentice
7/29/2014 | 12:08:28 PM
Ok, but....
...where is the link to the HP study?...
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
7/29/2014 | 10:53:30 AM
Re: 25 vulns/device
I think we have come to accept that all things are vulnerable, so it really boils down to a risk vs benefit/utility analysis. If vulnerabilities can be mitigated without outweighing the benefit or utility, then it becomes an organizational decision. On a personal level, my smartphone is an essential need, but the need to control my home thermostat remotely just doesn't have the same level of utility as my phone, and is the last thing I need to worry about. I guess it all comes down to a matter of priorities.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/29/2014 | 9:44:33 AM
25 vulns/device
That seems pretty high to me, but how does that compare to, for instance, a typical smartphone or tablet? I'd also be curious to know if OWASP has info abut which are most vulnerabe IoT devices on the market.


Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9276
PUBLISHED: 2019-01-16
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an...
CVE-2015-9277
PUBLISHED: 2019-01-16
MailEnable before 8.60 allows Directory Traversal for reading the messages of other users, uploading files, and deleting files because "/../" and "/.. /" are mishandled.
CVE-2015-9278
PUBLISHED: 2019-01-16
MailEnable before 8.60 allows Privilege Escalation because admin accounts could be created as a consequence of %0A mishandling in AUTH.TAB after a password-change request.
CVE-2015-9279
PUBLISHED: 2019-01-16
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
CVE-2015-9280
PUBLISHED: 2019-01-16
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.