Comments
Smart Cities' 4 Biggest Security Challenges
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/4/2015 | 9:13:42 AM
Re: Smarter Cities Securoty Challenges
@Peter: Indeed, malware even found its way onto the International Space Station via an infected flash drive!

It really makes me paranoid about accepting free flash drives from vendors at conferences; that's for sure.
Peter Williams
50%
50%
Peter Williams,
User Rank: Apprentice
7/2/2015 | 4:57:10 PM
Smarter Cities Securoty Challenges
Actually - far from Nest and such being the issue, I would guess that the the bigger threat to infrastructure is ancient PLCs being found on Shodan that still have the manufacturer's default password hard coded into them...That, and some idiot sticking an infected flash-drive in the machine running the SCADA system.

One angle that may offer some hope is the growing focus on resilience, where the need for multi -disciplinary working etc to plan for and manage disasters seems to be inceasingly accepted.  At least some cities include cyber events in their resilience planning - maybe we could make it more widespread?

 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/2/2015 | 6:06:34 AM
Las Vegas
The Las Vegas example got me thinking about what would happen if the Strip were shut down for a day.

And, having worked for the Nevada Attorney General in a role that dealt, in part, with utilities issues, the first thing that came into my mind was that -- despite the economic loss -- there'd be a HUGE savings in energy and natural resources.
Blog Voyage
100%
0%
Blog Voyage,
User Rank: Strategist
7/2/2015 | 2:55:40 AM
What a big work
Very nice ideas, but it will be a very hard work. As you know, security is a very difficult job. Wait and see.


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12716
PUBLISHED: 2018-06-25
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its l...
CVE-2018-12705
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12706
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12714
PUBLISHED: 2018-06-24
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial o...
CVE-2018-12713
PUBLISHED: 2018-06-24
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...