Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
DoJ Announces Team To Oversee Security Of Internet of Things
Newest First  |  Oldest First  |  Threaded View
koconnor100
50%
50%
koconnor100,
User Rank: Apprentice
9/26/2016 | 9:55:37 AM
Re: DoJ, NSA , it's all USGov
"You're demanding privacy and secrecy for yourself but that the same time denying the government of it even though they might be trying to defend your life with the same technology you only want to use to hide your selfies."


After Ferguson Missouri, trust in the US Government is hard to come by.

It wasn't just one cop that shot a black man there, it was the entire towns political structure, elected mayor, council men, etc etc, protecting that cop because he was doing precisely what they ordered him to do.

And that will shake your faith in any organization.
koconnor100
50%
50%
koconnor100,
User Rank: Apprentice
9/26/2016 | 9:51:26 AM
Re: DoJ, NSA , it's all USGov
My "exaggerated self importance" is that I am a human being and they (NSA)  want a profile of EVERY HUMAN BEING on the planet.

I don't claim to have any special importance over my next door neighbours, I merely claim to be a normal human being .

 

:)
jcavery
50%
50%
jcavery,
User Rank: Moderator
9/20/2016 | 9:54:25 AM
Re: DoJ, NSA , it's all USGov
You're right, they would like to collect every byte of data.... and they probably could.... but they don't. There is a little paranoia in your post, exagerrated self importance, worrying that they are watching you, out of all the terrorists out there they actually are following. There is not enough manpower in the intelligence community to watch every person on the planet with the intensity and focus they apply to suspicious people. I don't remember hearing about any fire alarm bugs, microphones, or cameras regarding the snowden leaks. I have been through the spy museum in D.C., and they used some really sneaky technology back then too, with amazing stories of how they were used to prevent international massacres. I wonder how effective those ideas would have been if the enemy knew to look out for it, and knew exactly how to defend against it? Liberty is important, but we still need to be careful about inventing effective secrets, and then just giving them away. You're demanding privacy and secrecy for yourself but that the same time denying the government of it even though they might be trying to defend your life with the same technology you only want to use to hide your selfies.
koconnor100
100%
0%
koconnor100,
User Rank: Apprentice
9/19/2016 | 9:35:39 PM
DoJ, NSA , it's all USGov
Thanks to Edward Snowden it is now known world wide that the government of the USA , no matter which particular branch, would like to collect every byte of data everywhere on the planet.


As we sit hear reading this article, after reading yet another artical on the lastest of DDOS attacks and ransomware demands, one has to wonder why anyone would ever by anything even connected with IoT (internet of things).


My fear is that this kind of thing will be forced onto us. Everything will be IoT , with no way to turn it off.

In Canada , in Ontario , for example , it is the law that you have to have a fire alarm in the apartment. And those things are just a speaker , a circuit board with a few chips, and a line heading out to the central machine downstairs. We have no idea what those chips do. And looking it up in a book just tells us what they want us to think. And looking at the label reading "made in the USA" doesn't inspire us with confidence. As far as we know they put a listening device in every apartment in Canada.


Paranoid ? Maybe before Edward Snowden it was. But it is technically possible, and NSA is going on about how it wants to gather all data everywhere.


Even the regular internet is becoming increasingly unstable. IoT has a dark future indeed.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...