Tag Archives: hntbh

Welcome to The Internet of Compromised Things – How not to be hacked, routers

squid eating a router!!!

A good write-up by Jeff addresses a problem that has existed for several years, but only recently is starting to get malicious. A few hackers demonstrated how the software running common internet modems and routers were vulnerable to attack. A few good-minded-souls even wrote code to scan the internet; find them; and exploit them to install the update.

Of course, there were those who used those same routers to mine for crypto-currency and others who created attack bot networks. The article highlights how these unprotected devices are hacked and allow for anyone passing traffic through them to be infected with malware on their machine.

A good article with rather excellent tips for mitigation at the end. Very much inline with several tips I drafted for How Not To Be Hacked, the book, and some tips that didn’t make it due to complexity. If you only skim it … be sure to make it to the end where the tips are listed!!!

For security professionals Jeff raised one point that I thought was a challenge to our industry, and highlighted it below:

Buy a new, quality router. You don’t want a router that’s years old and hasn’t been updated. But on the other hand you also don’t want something too new that hasn’t been vetted for firmware and/or security issues

via Welcome to The Internet of Compromised Things.

How ridiculous our world is sometimes … buy a new router, but not too new … but also not too old. HAH… That fails the How not to be hacked, Can you explain it to your grandma test (something I learned in the Head Game). It is valid though … and reflects the challenge of security professionals.

Good write-up,

James

 

Mobile ad fraud costs advertisers $1 billion a year, study says

Mobile devices are easy targets and when more dependency on wifi is enabled the conduct of fraud is easier to execute without detection. Also thinking this would be pretty to execute such advertising fraud, as described in the article, by installing similar tech onto all of the unsecured/patched/Internet of Things devices on the internet. Imagine this fraud with all of the consumer internet routers!

Details from the Fortune article:

The firm said that it tracked down more than 5,000 apps that were exhibiting suspicious behavior. It found the apps by using the real-time tracking data that it gets from the various mobile ad networks that it is integrated with, which allowed it to look for the kind of rapid ad-loading and background functions that most malicious apps exhibit…

Forensiq said its research showed that more than 13% of total mobile app inventory was at risk, and 14% of all mobile apps on iOS, Android and Windows Mobile platforms.

Over a period of 10 days, Forensiq says it observed more than 12 million unique devices with installed apps that exhibited fraudulent behavior: about 1% of all devices it observed in the U.S. and between 2% and 3% of those in Europe & Asia.

Mobile ad fraud costs advertisers $1 billion a year, study says.

… My comments on this report (not posted on Fortune due requirement to link social media account):

It’d be valuable to know how those Apps identified for fraud were ranked in the ‘App stores’. This way we could identify the popularity and likely spread of these apps. The 12 million figure is large, but out of a possible 1.3 billion devices it is hard to understand the sampling effect.

I’d love more intelligence on the ‘what’, so that regular readers of the article and users of the devices could clean out these Apps off their devices.

Gotta love Blackhat and DefCon week! All the research docs are released.

James

Bored w/ Security warnings? MRIs show our brains shutting down when we see security prompts

Ever find yourself just click click clicking through every message box that pops up? Most people click through a warning (which in the land of Web Browsers usually means STOP DON’T GO THERE!!) in less than 2 seconds. The facts seem to be due to be from habituation – basically, you are used to clicking, and now we have the brain scans to prove it!

What does this mean for you? Well specifically you won’t be able to re-wire your brain, but perhaps you can turn up the settings on your web browser to not allow you to connect to a site that has the issues your web browser is warning against. Simple – let the browser deal with it and take away one nuisance.

From the study:

The MRI images show a “precipitous drop” in visual processing after even one repeated exposure to a standard security warning and a “large overall drop” after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.

via MRIs show our brains shutting down when we see security prompts | Ars Technica. (photo credit Anderson, et al)

Don’t forget to check out – www.facebook.com/hntbh if you are looking for quick reminders. The book is coming along and chapter releases are (finally) coming in April!