Category: Security & Privacy

OWASP Internet of Things Top Ten Project

The OWASP Project is looking at the Internet of Things, too, and published a top 10 of security concerns for that matter. While all of this is reasonable for the Internet of Things, it can be applied very generally for the Internet of anything. Good security pays in every environment, it’s just the Internet of Things has potentially more attack surface.

(more…)

February 18, 2015
Disk Forensic Evidence after Equation Group

After Kaspersky found hard drive firmware malware, @dragosr makes a valid point about disk forensic evidence. In particular, since the published timeline of the Equation Group reaches back as far as 2001.

Whoosh and there goes "beyond a shadow of a doubt" for any disk forensic evidence used in any court case.

— dragosr (@dragosr) February 17, 2015

February 18, 2015
Uber: Privacy Issues

A few days old already, Richard Gutjahr reported Uber has a privacy issue. Apparently, the now 404ed Lost and Found page listed not only lost items, but also usernames and contact details.

via Richard Gutjahr.

February 17, 2015
MongoDB with no protection

Students at the “Universität des Saarlandes” found almost 40k MongoDB instances, apparently with no security at all. Access to these databases includes write credentials.

Universität des Saarlandes: Aktuelles aus Studium und Forschung.

February 10, 2015
Xenon flash will cause Raspberry Pi2 to freeze

A Xenon flash will cause the Raspberry Pi 2 to freeze http://t.co/u5Vkn3svTz

— Hacker News Bot (@newsycombinator) February 8, 2015

A new class of DoS for hardware?

February 8, 2015
Samsung warnt.

Samsung warnt: Bitte achten Sie darauf, nichts Privates vor unseren SmartTVs zu erzählen

via netzpolitik.org.

February 8, 2015
GnuPG funded.

Since Werner Koch announced he’s running out ouf money yesterday, GnuPG collected 60k$ from the Linux Foundation, another 50k$ for the next year from each Facebook and Stripe, and a total of 150k$ from the community. Development should be safe for the next time. The news of the past days shows that security, while heavily discussed, needs proper funding.

via Slashdot.

February 6, 2015
Security vs. Privacy

Privacy turned into Security

via Peter Piksa auf Twitter: “Oh man, thats actually a really brillant illustration about privacy and security. http://t.co/sk5jnZAa8Q”.

February 6, 2015
Data and Goliath

Data and Goliath

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Bruce Schneier wrote a book about Big Data, mass surveilance and the Internet of Things. Schneier talks about how this effects society and what to do about the increasing datarization of everything we’re doing.

February 5, 2015
Why monitoring is hard

(and why your vendor will only sell you tools, not solutions)

Intro

Monitoring infrastructure in a meaningful way is important to any IT operations, yet it is hard to realize. Many vendors adress this problem and promise a silver bullet.

(more…)

February 4, 2015