Amazon Key (Based upon IOT) makes your house absolutely insecure

Amazon Key IMO is a bad idea. The fact that it is based on IOT makes it worse. The very concept of giving someone access to your house with no other controls… there’s a camera to watch them, but a camera will not stop anyone from doing anything else... it will just record the video of them doing it. Now a security vulnerability has been found in the “smart lock” that powers this “service”. Malwarebytes does not mention […]

Firewall IOT Properly..Yet Another 0-day for IOT

Yet another IOT security issue. This one is actually a remote code exploit, so once again a flaw allows IOT devices to get taken over. Two things: Do not let IOT have access to your internal network. It MUST be firewalled onto its own network. Do not allow IOT access to the Internet unless needed... and then you need to configure the firewall to only allow outbound communications on the ports it requires to function. Keep IOT […]

A Dubious IOT Product With Some Serious Network Problems..Are We ...

From the “if it sounds too good to be true, it probably is” department: I was notified about something being hawked on a public Facebook page. Supposedly you can “fire your cable company” with this little box. What got them suspicious is the fact that the seller would only do business on PM, with no public pricing information, and no real details about the product. The only things presented were a couple of screenshots of live events, […]

OCT 21st National DDOS news (Tons of links)

This post is not only about tonight’s massive DDOS attack but also about the terrible problems IOT is causing due to its horrid security. If you want a quick overview, skip right to the video. If you want to get into the weeds a bit, read on… but be warned. There are tons of links, and those links often contain links as well. This is NOT a quick read. If you want the full details though grab some […]

When you have poor security… BLAME RUSSIA (or whomever else)

When the Yahoo hack was revealed I absolutely dismissed Yahoo’s assertions of a nation state actor. I have been waiting for the independent investigations to play out and now the REAL reason for the hack has come out. Yahoo’s internal security was poor. Unlike Google, which took security very seriously when they were breached in 2010 along with Yahoo, Yahoo basically sat on their hands when it came to security. Yahoo KNEW about the bigger […]

IOT default insecurity = Internet infrastructure danger

KrebsOnSecurity editor Brian Krebs now posts showing the source code for the botnet that forced Akamai/Prolexic to boot him off their network. What is amazing is that while Prolexic was struggling to handle nearly 700 megabits there was another even larger DDOS going on aimed at the European hosting provider OVH. OVH was taken down by a 1 TERABIT per second... that’s 1 TRILLION bits of data PER SECOND. That kind of math is hard to comprehend. […]

DDOS… The new wave of digital censorship

I have been watching the saga of security blogger Brian Krebs and his KrebsOnSecurity blog. He has had the benefit of high-powered DDOS protection from Prolexic, which is an Akamai subsidiary. Krebs has for a long time now been able to infiltrate and report on the darker side of the Internet. Recently Krebs’ site was hit with a 620+ GIGABIT per second DDOS attack. Prolexic had never handled something of that size before and it […]

IOT and BYOD Must be Kept off Your Internal Network

I have talked about keeping IOT (Internet of Things) and BYOD (Bring Your Own Devices) out of your internal network privately for a while. I have often told my clients in private that allowing employee (or guest) devices on your internal network is a bad idea and have advocated for physical isolation of those devices from your internal network. I am not an advocate of VLANs. To me that means a separate physical wire for them and that […]