Security Roundup - 2016-01-27

Posted on  by


More hardware security issues, like this IoT doorbell that can provide wireless network details by unscrewing the faceplate, pressing a reset button, and then connecting to it. Princeton researchers have found out a bunch of issues with a variety of devices. And then there are these stories of people taunting babies through hacked baby monitors. AMX recently also released an update to some of their videoconferencing products to remove a backdoor. Shodan.io has enough scan data that they are essentially a search engine for open IoT devices.

It is one thing for a user to be using a [password from the worst password’s list]https://www.teamsid.com/worst-passwords-2015/), or to have a hard coded password in your software, but Lenovo managed to combine the two in one of their products.

Hot on the heels of Let’s Encrypt, Amazon adds AWS Certificate Manager for free SSL certs for your AWS apps.

Security researches are worried about GCHQ’s MIKEY-SAKKE system for telecommunications is basically key escrow and allow the government to unencrypt all communications.

One Amazon user goes into detail about the ultimate system backdoor, customer support.

CyberSecurity Startup Growth In Isreal is very big. Interestingly, Isreal’s Electric Authority is apparently subject to between 4 and 20 ‘cyber events’ per month.

Cool visualization of TOR traffic flowing across the world.

Schmoocon was earlier this month, and one of the interesting topics was using GPUs and FPGAs to better identify malware.