25 Friday May 2018
Posted in bad tech
Tags
The FBI warned on Friday that Russian computer hackers had compromised hundreds of thousands of home and office routers and could collect user information or shut down network traffic.
Good to see that Netgear is not on this list!
19 Monday Mar 2018
Posted in bad tech
03 Wednesday Jan 2018
link: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
more info here: https://meltdownattack.com
It seems there is a deep flaw in Intel 64 bit CPUs that may let malware access kernel memory – a bad thing. The OS work arounds for this will cut performance significantly. Technical details are in the linked article.
Windows and Linux are to issue update shortly. Apple’s macOS (nee OS X) has been patched since version 10.3.2
So, if you are contemplating a computer purchase I think you should delay buying until Intel fixes the CPU defect and announces which CPU lines are fixed. Then make sure a fixed chip is in the computer you want.
06 Friday Oct 2017
According to TheNextWeb (via [H]ardOCP), a Dutch woman named Rilana Hamer bought a small Internet-connected camera from a local store, with the goal of keeping an eye on her puppy while she was away from work. “I thought I was going crazy,” Hamer said in a public Facebook post. “I suddenly heard sounds in the living room. I walked up there and saw my camera move.”
The camera, purchased from a discount chain store called Action, apparently claimed to offer password protection to protect its stream from being snooped on. But the implementation was clearly cataclysmically flawed. The person controlling the camera began speaking to her, initially in French. Shocked, she disconnected the device, but later decided to set it up again to see if the same thing would happen twice. Within a minute, it was.
The problem here, I’d argue, goes beyond the specific security protocols of any single product. Manufacturers have fallen over themselves to push “smart” devices to market, with a heavy emphasis on making those products accessible, as opposed to making them secure. On the one hand, this makes sense. The more secure a product is, the harder it typically is to use, though good UI and strong default choices can bridge the gap here.
But many of these same companies are also interested in extracting useful data from their own devices that they can monetize and sell. Even companies that never attempted to turn a profit on customer data, like Roomba, now plan to do so. This gives companies two reasons to downplay device security: They want to exfiltrate as much data as possible, and they want to make connecting to your internet camera as easy as possible. Both goals are exactly the opposite of what you want a design team to be thinking about when they implement the security on an IoT device.
The takeaway here is to assume any iOT product is going to spy on you or steal something until proven otherwise. Sort of like Craigs List where everything is a scam until verified otherwise. Much of the creepy shitty iOT crap is made in China, which should be a big red flag to anyone paying attention.
Dagny's Desk 