Episode 21 | March 16, 2017

Catching you up on the latest from IoT, InfoSec and Tech. Episode 21 includes: Daniel writes a book, the FTC and FBI say silly things, sex toys spying on you, Bessy the cow gets connected, Bitcoin zero-days, Flippy the robot and more…

IoT

  • Daniel’s book, The Real Internet of Things is on Amazon, check it out. Great insight into things to come in regards to IoT.
  • The acting head of the Federal Trade Commission (FTC) thinks the IoT industry should be left to regulate itself…that should go well. We’ve already seen numerous router manufacturers and other IoT makers refuse to fix identified vulnerabilities or simply refuse to include security at all in their products. To use the PCI compliance example, do you think companies would have bothered with security for credit card transactions without being required to meet PCI requirements? Not that everything needs to be regulated, but sometimes you need someone to give it a push and get things going.
  • Standard Innovation Corp. (maker of sexual aids) settles lawsuit for $3.75 million over data privacy issues. Noted data sent back to servers included date and time of use along with device settings and email addresses. Sometimes I think companies just collect everything to see what they can get away with until they get caught.
  • 10 examples of IoT devices in healthcare:
    • Insulin delivery
    • Glucose monitoring
    • Activity tracker during cancer treatment
    • Connected inhalers
    • Ingestible sensors
    • Connected contact lenses
    • Depression-fighting Apple Watch app
    • Coagulation testing
    • Arthritis using Apple’s ResearchKit
    • Parkinson’s research
  • According to a Tripwire study, 96% of IT security professionals expect an increase in cyber security attacks against the Industrial Internet of Things (IIoT). This doesn’t seem to be a big revelation since the more devices are put out there, the more attacks will happen. However, 51% said they do not feel prepared for attacks while 64% understand they need to protect against attacks. Makes one wonder what part of that 64% that understand the need for protection aren’t willing or able to prepare.
  • If you have a WD My Cloud you might want to unplug it… just sayin’. WD was warned back in January about the flaws but failed to respond. There’s a large number of flaws, so update now if you have one. Affected firmware versions are in the link.
  • Moocall…that’s right… connected devices on cow’s tails are apparently responsible for 150,000 safe births of calves. The device is connected to the cow’s tail and monitors births and it uses a SIM card. Connected cows…Yay!
  • Consumer Reports rates product privacy and security. Currently the standard has a few obvious things like:
    • Products should be built secure
    • Products should preserve consumer privacy
    • Products should protect the idea of ownership
    • Companies should act ethically

Given that CR is read for other reasons, maybe they will have more luck getting the point across. Of course the trick is to get manufacturers to treat standards as a baseline instead of the end goal, which is usually what happens. Take PCI guidelines for example: basically companies do the minimum and call it a day.

InfoSec

  • I constantly see lists of various Linux firewalls that can be used; however, I rarely see Sophos (what used to be Astaro) home edition firewalls mentioned. The license for Sophos XG Home Edition is free and it’s basically a commercial version with most of the bells and whistles for free. There’s also the Sophos UTM home version that is also free and has an interface more along the lines of Check Point firewalls. If you are looking to put in your own home firewall, definitely check out the Sophos home editions.
  • Bitcoin Core supporter threatens a zero-day if Bitcoin Unlimited hard forks. The short story here is that transaction capacity is hard capped in Bitcoin currently, and there’s a growing backlog of transactions which require higher and higher transaction fees to get them completed in a timely manner. In some cases, it’s pushing fees higher than you would pay for Visa or whatever, which pretty much defeats the purpose of Bitcoin. Two factions are battling, Bitcoin Core and Bitcoin Unlimited, and apparently someone is threatening to unleash exploits upon Bitcoin if it hard forks. Hard forking would create two different Bitcoins, probably dooming both in the long run.
  • 5 things to know about the NSA’s foreign surveillance:
    • What is Section 702 surveillance
    • The surveillance approval process
    • Prospects for extending Section 702
    • Backdoor searches of US communications
    • Expansive collection of foreign communications
  • FBI director apparently says, “Even our memories are not absolutely private in America”. Apparently security trumps everything. He goes on to give a few examples, like communications between clergy members and attorneys, typically considered privileged communications, as not private… {shakes head} …and he apparently blames the popularity of encryption on Snowden… yeah, that’s the reason.

Tech

  • Ground loops. If you’ve ever wondered, wonder no longer. Basically, two separate devices are connected to ground separately and then also connected to each other through some other communication cable with a ground; this creates a loop. This can cause all kinds of problems, from audio hum to bars in a TV picture to unexplained equipment failure. By the way, if you have never visited hackaday.com I highly recommend it, fantastic site.
  • Burger flipping robot joins the workforce. The robot is called Flippy, is AI driven and works for CaliBurger. I would probably trust this thing more than the minimum wage teenager working at the local McDonald’s.
  • Nest will supposedly release a cheaper smart thermostat next year. I have a couple of these and love them; however, I didn’t pay for either of them and would probably have had a hard time forking out $500 for two thermostats, no matter how cool they are. The new thermostat will probably cost less than $200. Still rather expensive for a thermostat. It’s hard to tell if mine actually save me any money because I work from home, so my A/C is usually on all the time instead of turning off as it would if I were working at an office.
  • Most kids in a Netflix home have no idea what commercials are. Personally I think this is awesome. The less kids know about commercials the better. I haven’t watched regular TV with commercials in a decade at this point because commercials outright infuriate me. Especially when you are paying for a cable TV subscription and still being subjected to commercials. Anyway, I’m all for kids seeing less crap on TV when they do watch it.

Random

  • If you are into sci-fi, definitely check out The Expanse on Syfy. The books it is based on are awesome as well.
  • I’m going to get back to making IoT and other videos to go along with the podcasts.
  • I’m also going to start updating Firmwalker soon with some additional features.
  • I recommend loggly.com if you are looking for a place to collect logs, do analysis and set up alerting.
  • I also recommend OpenDNS Umbrella for DNS monitoring. It’s a bit expensive since you have to pay yearly up front, but it’s well worth it given all the C&C that’s over DNS these days.

Contact: @craigz28 on Twitter or [email protected]