Comments
IoT Botnets by the Numbers
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 7:18:27 PM
Re: Frightening? Gets worse
@REISEN: I wouldn't put implanted medical devices in the same risk category as "smart" home appliances.  You have a couple of layers of added safeguard protection.

Your doctors and the device maker are responsible (in both senses of the word).  It's also probable that your device can't be reprogrammed remotely.  Interception and misuse of your device's sensor data is technically possible; but hard to imagine anyone wanting to.  Contact your doctor, if you need more reasons not to worry about it.  -- Wish you well.  
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
2/5/2018 | 2:12:23 PM
Frightening? Gets worse
I am the owner of an internal defibulator (could be a pacemaker for arguments sake) and it has a wireless output to a small box in my kitchen to transmit data and box by phone to hospital.  Now I wonder about that? 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 11:53:57 AM
Re: Why is anybody surprised?
"...computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?"  In some ways IOT is worse - principally, in that compromise is less noticeable, until it's painfully obvious.  Even when attackers make no special effort to remain undetected, IoT device processing is generally not user interactive, and a hack doesn't have to be disruptive: "Ah! The fridge door located at this address hasn't been opened in 3 days; I bet they're out of town."
rjones2818
50%
50%
rjones2818,
User Rank: Strategist
2/5/2018 | 10:40:09 AM
Why is anybody surprised?
The fault lies with the companies who have unleashed an immature technology upon the world in a rush to grub for more money.  Many regular computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
2/5/2018 | 9:23:43 AM
Don't want no IoT
It's hard to find appliances, cars, office equipment without IoT anymore.  And it's frightening.  I have a pretty old kitchen, so I'm not worred about it, but when things break down will anything I choose include IoT comms on it?  Will I have the choice of turning off any communication?  How will this affect self driving cars.  This really is could become very scary.

I agree with the 1st post.  We've reared of a generation of me, dependent, and spoiled.  Far in between there are golden nuggets, but they may not be easy to find.
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
1/31/2018 | 3:36:30 PM
Brought to justice?
"...three creators of Mirai come to justice..."  5 years and $250k fines are a lot for people that didn't kill anyone; but trivial compared to the economic damage they  caused.  I hope we all realize that economic damage can severely damage lives - even fataly. 

"...developed Mirai in their dorm room."  That highlights the culture component of the problem.  Solutions there will be difficult and generational. 


New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...