IoT security anti-patterns

Saw this on Boing Boing, thanks again to Cory. Junade Ali at CloudFlare catalogs a few practices in implementing IoT devices that contribute to the overall poor state of security. Importantly, there are recommended alternatives that maintain or improve security. We clearly need more of this, alongside existing resources like the OWASP security guide, both for manufacturers and for expert users to effectively hold them to account.


Vaccinating IoT worm possibly uncovered

A bad idea comes back around, this time applied to the Internet of Things. The notion of a bit of self-propagating code that defends instead of attacks is arguably as old as the Internet. It is never a good idea, given the huge space of unintended consequences, from unpredictable interactions with existing software to simple bugs exposing affected devices even more so than untouched ones. It is always better for device owners to be aware of updates to their devices, ideally through a known and trusted mechanism.


Android devices can be fatally hacked by malicious Wi-Fi networks

The exploit is just about the worst-case scenario. Users don’t even have to connect to a malicious AP, and turning off WiFi may not stop an attack. iOS has been patched, but it will likely still be weeks, if not months or in some cases never, before Android receives a patch. I can confirm that Broadcom makes some terrible chips after being stuck running Linux on a Mac for work recently. A coworker still routinely has disconnects and other issues with the same configuration.


Not all password managers are equal or one common price of usability

I think a password manager is a minimum requirement these days for staying safe online. I would recommend the one I use except that it does not prioritize usability. Good to see the maintainers reacting quickly; it would be even better if they offered options that were more secure in the first place, like owning my own keys and owning that any sync they provide is always an untrusted transport, full stop.


2015-12-05 The Command Line Podcast

This is an episode of The Command Line Podcast.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

2015-11-22 The Command Line Podcast

This is an episode of The Command Line Podcast.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.
