Cloud Device Insecurity

Presented at NolaCon 2015, June 12, 2015, 3 p.m. (Unknown duration)

Your data is much safer at home than it is letting some corporation "take care of it" for you, right? Security reviews for some of the top vendors' devices reveal many interesting findings. Like everything else, there are bugs. But knowing what kinds of bugs and how the vendors have responded will allow you to better understand the impact of plugging these devices into your network. Jeremy will show you just how low access control and least privilege are their list of priorities. He'll also explore the amount of test collateral and debug interfaces sloppily left shipping to consumers. From remote roots to stealing social network tokens to just plain weird stuff, he'll expand on how it's not just about what they do, but also what they don't do. And, he'll give you some useful guidelines on how to close the gaps yourself.

Presenters:

• Jeremy Brown
  Jeremy is a security researcher focused on application security, largely involved in vulnerability research and development. He has gained extensive software security experience working at a large software company for several years on various projects including exploit mitigations, scalable fuzzing and kernel security. Other interests include static analysis, penetration testing and all things fascinating in the field of computer security.

Links:

• https://nolacon.com/talk/cloud-device-insecurity

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / Lessons Learned by the WordPress Security Team
• BSidesLV 2015 / The Internet of ... Mainframes?! WTF?
• DEF CON 24 (2016) / Vulnerabilities 101: How to Launch or Improve Your Vulnerability Research Game