main

Security

5 Recommendations for IoT Manufacturers

January 25, 2017 — by Pascal Geenens0

recommendations-iot-manufacturers-960x640.jpg

As devices get more connected, they potentially get smarter and provide richer functionality. The internet of things (IoT) describes a world where just about anything can be connected, from routers, smart thermostats, smart light bulbs, and door locks to intelligent fridges, or even cars.

In recent events, devices with less than desirable security states were taken over by massive botnets consisting of hundreds of thousands of devices that were able to launch an impressive DDoS attack that crippled several online services.

DDoSSecurityWAF

WAF and DDoS Help You on the Road to GDPR Compliancy

January 19, 2017 — by Pascal Geenens0

gdpr-compliance-960x539.jpg

Data is the currency of today’s digital economy, the oil of the 21st century. Personal data is considered our economical asset generated by our identities and our behavior and we trade it for higher quality services and products. Online platforms act as intermediaries in a two-sided market collecting data from consumers and selling advertising slots to companies. In exchange for our data being collected, we get what appears to be a free service.

The growth and the market capitalization of social platform providers like Facebook and search engines such as Google demonstrate the value of personal data. Personal data also provides new ways to monetize services as news organizations are finding it difficult to charge ‘real’ money for digital news, but leverage our willingness to pay for a selection of ‘free’ news with our personal data. Every 3 out of 4 persons prefer free registration with selective access over a paid registration with full access.

Security

The Shadow Brokers went dark, the NSA weakened and exposed in the cyber war

January 17, 2017 — by Pascal Geenens0

the-shadow-brokers-1-960x638.jpg

On January 12th, the Shadow Brokers announced they are ‘going dark’ by leaving a farewell: “So long, farewell peoples. TheShadowBrokers is going dark, making exit. Continuing is being much risk and b*******, not many bitcoins. … Despite theories, it always being about bitcoins for TheShadowBrokers. Free dumps and b******* political talk was being for marketing attention. There being no bitcoins in free dumps and giveaways. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers.”

Security

DevSecOps and Continuous Security Delivery

January 3, 2017 — by Pascal Geenens0

devsecops-960x640.jpg

The success of an online business depends in large part on the user experience. After all, competitors are only a single click away. There is a broad spectrum of services that impact user experience from an infrastructure and application perspective. Think about page load times, availability, and feature richness. Agility in the delivery infrastructure and continuous delivery of applications have become ubiquitous to the success of an online business. Hyper scale cloud providers such as Google, Amazon, eBay, and Netflix have been leading on highly scalable, agile infrastructure and continuous delivery of applications and are considered the golden standards for the practice of online business.

DDoSHacksSecurity

Is Heat Your Thermostat’s First Priority?

December 1, 2016 — by Pascal Geenens0

Radware_Thermostat_Hack_Cartoon-960x960.png

Mirai has been popping on and off the news and is becoming a commodity resource for large scale DDoS attacks. Although most of the security community have been debating and warning about the IoT threat, there is only evidence for a very specific class of devices being involved in the Mirai attacks. As we came to know the source code and security researchers started to investigate the victimized devices, it was clear that a common class of devices stood out in the list compiled by Krebs: IP cameras, DVRs and a handful of routers. What made them better candidates than your smart toaster or your cloud connected thermostat? The fact that routers are in the list should not be surprising, those devices are per definition connected to the internet and are clearly #1 on the pwning list, which was proven again recently when 900,000 routers from DT where taken offline for service as a result of what is supposed to be an adapted version of Mirai using a remote code execution (RCE) vulnerability through the TR-069 CPE WAN management protocol.

DDoSHacksSecurity

The deplorable state of IoT security

October 20, 2016 — by Pascal Geenens2

internet-of-things-960x640.jpg

Following the public release of the Mirai (You can read more about it here) bot code, security analysts fear for a flood of online attacks from hackers. Mirai exposes worm-like behavior that spreads to unprotected devices, recruiting them to form massive botnets, leveraging factory default credentials and telnet to brute and compromise unsuspecting user’s devices.

Soon after the original attacks, Flashpoint released a report identifying the primary manufacturer of the devices utilizing the default credentials ‘root’ and ‘xc3511’. In itself, factory default credentials should not pose an enormous threat, however combined with services like Telnet or SSH enabled by default and the root password being immutable, the device could be considered a Trojan with a secret backdoor, a secret that now has become public knowledge.

HacksSecurity

BusyBox Botnet Mirai – the warning we’ve all been waiting for?

October 11, 2016 — by Pascal Geenens4

mirai-botnet-960x720.jpg

On Tuesday, September 20th around 8:00PM, KrebsOnSecurity.com was the target of a record-breaking 620Gbps volumetric DDoS attack designed to take the site offline. A few days later, the same type of botnet was used in a 1Tbps attack targeting the French webhoster OVH. What’s interesting about these attacks was that compared to previous record-holding attacks, which were less than half the traffic volume, they were not using amplification or reflection. In the case of KrebsOnSecurity, the biggest chunk of the attack traffic came in the form of GRE, which is very unusual. In the OVH attack, more than 140,000 unique IPs were reported in what seemed to be a SYN and ACK flood attack.