6 min
IoT
R7-2015-27 and R7-2015-24: Fisher-Price Smart Toy® hereO GPS Platform Vulnerabilities (FIXED)
Through our recent publication of numerous security issues in Internet-connected
baby monitors
[/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-baby-monitors], we
were able to comprehensively raise awareness of the real-world risks facing
those devices. Further, we were able to work with a number of vendors to get key
security problems resolved, resulting in major increases in security within that
particular market space. Today, Rapid7 is continuing this effort by applying
security
4 min
IoT
The IoT Trust Framework: Finally Setting the Bar for IoT Security & Privacy
Since I co-founded BuildItSecure.ly [http://builditsecure.ly/] back in February
2014, I've spent a lot of time thinking through, presenting on, and discussing
what is currently wrong with IoT security. Most conversations around this
typically lead to the same concerning conclusion -- "why isn't anyone building a
standard for these devices?" Well, today, that frustrating question has a
friendly answer: somebody has. The Online Trust Alliance
[https://otalliance.org/] (OTA) recently released the
3 min
How to be a Combination King
I recently spent a wonderful week in London to participate in Infosecurity
Europe [http://www.infosecurityeurope.com/] as part of a larger group of
internationally-based Rapid7 employees. If you've been to many events, you know
that vendors quite often come up with clever ways to attract people to their
booth through giveaways, technical presentations, and product demonstrations.
Lucky for me, our booth happened to be right next to a vendor who had a rather
neat contest involving a keypad lock
8 min
Research
A Primer on IoT Security Research
Over the past couple of years I've dived into Internet of Things
[http://en.wikipedia.org/wiki/Internet_of_Things] (IoT) security research and
found it to be a rather fun (and sometimes terrifying) mixture of technologies,
[in]delicately woven together to provide for some pretty useful, and not so
useful, devices. It's a very exciting time right now as technologists navigate
the nascent waters to determine what the best-of-breed platforms, protocols, and
languages that will drive IoT for years to
8 min
OSINT Through Sender Policy Framework (SPF) Records
Having spent a lot of my career managing hundreds of Linux servers at a time, I
can honestly say that the part I miss the least is running e-mail services. When
you run your own e-mail servers, not only do you have to manage half a dozen
services, but you also deal with all of the crazy mechanisms to filter spam,
keep your IP addresses off blacklists, and ensure deliverability of outbound
e-mail. Because spammers and criminals love to leverage well known and respected
domain names, it's pretty c
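The OSINT angle named in that post's title, shown as an added example that is not code from the original Rapid7 post: a domain's SPF record enumerates every network and every third party allowed to send mail as that domain, so walking its include: and redirect= chain maps out the organisation's mail providers, CRM and marketing platforms, and address space. The TXT answers below are a constructed, offline stand-in for live DNS lookups; the domain names and address ranges are hypothetical, and the walker also flags the two things that make such records fragile in practice: include loops and the ten-lookup limit of RFC 7208 section 4.6.4.

```python
from ipaddress import ip_network

# Constructed TXT answers standing in for live DNS lookups (hypothetical names and ranges).
FAKE_TXT = {
    "example.com": [
        "v=spf1 ip4:198.51.100.0/24 include:_spf.mailvendor.example "
        "include:spf.crm.example -all",
        "google-site-verification=abc123",        # unrelated TXT record, must be ignored
    ],
    "_spf.mailvendor.example": [
        "v=spf1 ip4:203.0.113.0/25 ip6:2001:db8:1::/48 "
        "include:_spf.mailvendor.example ~all",   # includes itself: a loop
    ],
    "spf.crm.example": ["v=spf1 a mx redirect=spf2.crm.example"],
    "spf2.crm.example": ["v=spf1 exists:%{i}.rbl.crm.example ip4:192.0.2.10 ?all"],
}

# Terms that cost a DNS query; RFC 7208 section 4.6.4 caps them at 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10


def spf_record(domain, txt):
    """Return the domain's single v=spf1 TXT record, or None if absent or ambiguous."""
    recs = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    return recs[0] if len(recs) == 1 else None


def walk_spf(domain, txt=FAKE_TXT):
    """Recursively expand an SPF record and collect what it reveals about the domain."""
    found = {
        "networks": [],    # ip4:/ip6: ranges as ip_network objects, in record order
        "senders": [],     # every include:/redirect= target, i.e. third parties, in order
        "mechanisms": [],  # (a|mx|ptr|exists, target) terms that resolve at check time
        "lookups": 0,
        "over_limit": False,
        "loops": [],       # domains included more than once along the chain
        "missing": [],     # referenced domains with no usable v=spf1 record
        "all": None,       # qualifier on the top-level 'all' (or the redirect's)
    }
    seen = set()

    def visit(dom, top):
        if dom in seen:
            found["loops"].append(dom)
            return
        seen.add(dom)
        rec = spf_record(dom, txt)
        if rec is None:
            found["missing"].append(dom)
            return
        own_all = None
        redirect = None
        for term in rec.split()[1:]:
            qual = term[0] if term[0] in "+-~?" else "+"
            body = term[1:] if term[0] in "+-~?" else term
            # Modifiers use '=', mechanisms use ':' (or nothing at all).
            name, _, value = body.partition("=") if "=" in body else body.partition(":")
            name = name.lower()
            if name in LOOKUP_TERMS:
                found["lookups"] += 1
                if found["lookups"] > MAX_LOOKUPS:
                    found["over_limit"] = True
            if name in ("ip4", "ip6"):
                found["networks"].append(ip_network(value, strict=False))
            elif name == "include":
                if value not in found["senders"]:
                    found["senders"].append(value)
                visit(value, False)
            elif name == "redirect":
                redirect = value
                if value not in found["senders"]:
                    found["senders"].append(value)
            elif name in ("a", "mx", "ptr", "exists"):
                target = (value or dom).split("/")[0]   # drop any dual-CIDR suffix
                found["mechanisms"].append((name, target))
            elif name == "all":
                own_all = qual
                break                                   # nothing after 'all' is evaluated
        if top:
            found["all"] = own_all
        if redirect and own_all is None:
            visit(redirect, top)   # redirect hands evaluation (and 'all') to the target

    visit(domain, True)
    return found


if __name__ == "__main__":
    r = walk_spf("example.com")
    print("third-party senders:", r["senders"])
    print("address space:", [str(n) for n in r["networks"]])
    print("lookups:", r["lookups"], "over limit:", r["over_limit"], "loops:", r["loops"])
```

Against live DNS, replace FAKE_TXT with the joined TXT strings a resolver such as dnspython returns for each name; nothing else changes. The "senders" list is the OSINT payload: each entry is an outside organisation the target trusts to send mail on its behalf, and the "all" qualifier tells you whether a spoofed message from anywhere else will be rejected (-all), soft-failed (~all), or accepted (?all).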