Comments
IoT Botnets by the Numbers
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 7:18:27 PM
Re: Frightening? Gets worse
@REISEN: I wouldn't put implanted medical devices in the same risk category as "smart" home appliances.  You have a couple of layers of added safeguard protection.

Your doctors and the device maker are responsible (in both senses of the word).  It's also probable that your device can't be reprogrammed remotely.  Interception and misuse of your device's sensor data is technically possible; but hard to imagine anyone wanting to.  Contact your doctor, if you need more reasons not to worry about it.  -- Wish you well.  
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
2/5/2018 | 2:12:23 PM
Frightening? Gets worse
I am the owner of an internal defibulator (could be a pacemaker for arguments sake) and it has a wireless output to a small box in my kitchen to transmit data and box by phone to hospital.  Now I wonder about that? 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
2/5/2018 | 11:53:57 AM
Re: Why is anybody surprised?
"...computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?"  In some ways IOT is worse - principally, in that compromise is less noticeable, until it's painfully obvious.  Even when attackers make no special effort to remain undetected, IoT device processing is generally not user interactive, and a hack doesn't have to be disruptive: "Ah! The fridge door located at this address hasn't been opened in 3 days; I bet they're out of town."
rjones2818
50%
50%
rjones2818,
User Rank: Strategist
2/5/2018 | 10:40:09 AM
Why is anybody surprised?
The fault lies with the companies who have unleashed an immature technology upon the world in a rush to grub for more money.  Many regular computer systems have proven to be vulnerable, why should we trust IOT personal items to be any different?
jenshadus
50%
50%
jenshadus,
User Rank: Strategist
2/5/2018 | 9:23:43 AM
Don't want no IoT
It's hard to find appliances, cars, office equipment without IoT anymore.  And it's frightening.  I have a pretty old kitchen, so I'm not worred about it, but when things break down will anything I choose include IoT comms on it?  Will I have the choice of turning off any communication?  How will this affect self driving cars.  This really is could become very scary.

I agree with the 1st post.  We've reared of a generation of me, dependent, and spoiled.  Far in between there are golden nuggets, but they may not be easy to find.
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
1/31/2018 | 3:36:30 PM
Brought to justice?
"...three creators of Mirai come to justice..."  5 years and $250k fines are a lot for people that didn't kill anyone; but trivial compared to the economic damage they  caused.  I hope we all realize that economic damage can severely damage lives - even fataly. 

"...developed Mirai in their dorm room."  That highlights the culture component of the problem.  Solutions there will be difficult and generational. 


New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The one you have not seen, won't be remembered".
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-9317
PUBLISHED: 2018-05-23
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
CVE-2018-1193
PUBLISHED: 2018-05-23
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
CVE-2018-1122
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1123
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
CVE-2018-1125
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.