Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
DoJ Announces Team To Oversee Security Of Internet of Things
Threaded  |  Newest First  |  Oldest First
koconnor100
100%
0%
koconnor100,
User Rank: Apprentice
9/19/2016 | 9:35:39 PM
DoJ, NSA , it's all USGov
Thanks to Edward Snowden it is now known world wide that the government of the USA , no matter which particular branch, would like to collect every byte of data everywhere on the planet.


As we sit hear reading this article, after reading yet another artical on the lastest of DDOS attacks and ransomware demands, one has to wonder why anyone would ever by anything even connected with IoT (internet of things).


My fear is that this kind of thing will be forced onto us. Everything will be IoT , with no way to turn it off.

In Canada , in Ontario , for example , it is the law that you have to have a fire alarm in the apartment. And those things are just a speaker , a circuit board with a few chips, and a line heading out to the central machine downstairs. We have no idea what those chips do. And looking it up in a book just tells us what they want us to think. And looking at the label reading "made in the USA" doesn't inspire us with confidence. As far as we know they put a listening device in every apartment in Canada.


Paranoid ? Maybe before Edward Snowden it was. But it is technically possible, and NSA is going on about how it wants to gather all data everywhere.


Even the regular internet is becoming increasingly unstable. IoT has a dark future indeed.
jcavery
50%
50%
jcavery,
User Rank: Moderator
9/20/2016 | 9:54:25 AM
Re: DoJ, NSA , it's all USGov
You're right, they would like to collect every byte of data.... and they probably could.... but they don't. There is a little paranoia in your post, exagerrated self importance, worrying that they are watching you, out of all the terrorists out there they actually are following. There is not enough manpower in the intelligence community to watch every person on the planet with the intensity and focus they apply to suspicious people. I don't remember hearing about any fire alarm bugs, microphones, or cameras regarding the snowden leaks. I have been through the spy museum in D.C., and they used some really sneaky technology back then too, with amazing stories of how they were used to prevent international massacres. I wonder how effective those ideas would have been if the enemy knew to look out for it, and knew exactly how to defend against it? Liberty is important, but we still need to be careful about inventing effective secrets, and then just giving them away. You're demanding privacy and secrecy for yourself but that the same time denying the government of it even though they might be trying to defend your life with the same technology you only want to use to hide your selfies.
koconnor100
50%
50%
koconnor100,
User Rank: Apprentice
9/26/2016 | 9:51:26 AM
Re: DoJ, NSA , it's all USGov
My "exaggerated self importance" is that I am a human being and they (NSA)  want a profile of EVERY HUMAN BEING on the planet.

I don't claim to have any special importance over my next door neighbours, I merely claim to be a normal human being .

 

:)
koconnor100
50%
50%
koconnor100,
User Rank: Apprentice
9/26/2016 | 9:55:37 AM
Re: DoJ, NSA , it's all USGov
"You're demanding privacy and secrecy for yourself but that the same time denying the government of it even though they might be trying to defend your life with the same technology you only want to use to hide your selfies."


After Ferguson Missouri, trust in the US Government is hard to come by.

It wasn't just one cop that shot a black man there, it was the entire towns political structure, elected mayor, council men, etc etc, protecting that cop because he was doing precisely what they ordered him to do.

And that will shake your faith in any organization.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41127
PUBLISHED: 2021-10-21
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot...
CVE-2021-41169
PUBLISHED: 2021-10-21
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVE-2021-27746
PUBLISHED: 2021-10-21
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-36869
PUBLISHED: 2021-10-21
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
CVE-2021-39352
PUBLISHED: 2021-10-21
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrat...