Posts by Mark Stanislav

6 min IoT

R7-2015-27 and R7-2015-24: Fisher-Price Smart Toy® and hereO GPS Platform Vulnerabilities (FIXED)

Through our recent publication of numerous security issues of Internet-connected baby monitors [/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors], we were able to comprehensively raise awareness of the real-world risks facing those devices. Further, we were able to work with a number of vendors to get key security problems resolved, resulting in major increases of security within that particular market space. Today, Rapid7 is continuing this effort in applying security

4 min IoT

The IoT Trust Framework: Finally Setting the Bar for IoT Security & Privacy

Since I co-founded [] back in February 2014, I've spent a lot of time thinking through, presenting on, and discussing what is currently wrong with IoT security. Most conversations around this typically lead to the same concerning conclusion -- "why isn't anyone building a standard for these devices?" Well, today, that frustrating question has a friendly answer: somebody has. The Online Trust Alliance (OTA) recently released the

3 min

How to be a Combination King

I recently spent a wonderful week in London to participate in Infosecurity Europe as part of a larger group of internationally-based Rapid7 employees. If you've been to many events, you know that vendors quite often come up with clever ways to attract people to their booth through giveaways, technical presentations, and product demonstrations. Lucky for me, our booth happened to be right next to a vendor who had a rather neat contest involving a keypad lock

8 min Research

A Primer on IoT Security Research

Over the past couple of years I've dived into Internet of Things (IoT) security research and found it to be a rather fun (and sometimes terrifying) mixture of technologies, [in]delicately woven together to provide for some pretty useful, and not so useful, devices. It's a very exciting time right now as technologists navigate the nascent waters to determine which best-of-breed platforms, protocols, and languages will drive IoT for years to

8 min

OSINT Through Sender Policy Framework (SPF) Records

Having spent a lot of my career managing hundreds of Linux servers at a time, I can honestly say that the part I miss the least is running e-mail services. When you run your own e-mail servers, not only do you have to manage half a dozen services, but you also deal with all of the crazy mechanisms to filter spam, keep your IP addresses off blacklists, and ensure deliverability of outbound e-mail. Because spammers and criminals love to leverage well known and respected domain names, it's pretty c