security vulnerability

Led by Boeing Vet, Tempered Networks Securing the Internet of Things

Here’s a scary headline: “BlackEnergy crimeware coursing through US control systems.” That’s from a report on a security vulnerability discovered in the Internet-connected pieces of industrial infrastructure that control things like electricity generation and water systems. A Seattle startup says its technology, first developed to help secure robotic tooling on Boeing’s 777 assembly lines, can help.

NETAVIS Upgrades NVR to Combat Shellshock/Bashdoor

Shellshock, also known as Bashdoor, is a family of security bugs within Linux and Mac OS X which was disclosed in the end of September. This vulnerability of the Unix Bash shell is also part of CentOS, the operating system which is the base of NETAVIS Observer Bundled versions. To close this security vulnerability, NETAVIS updated the Unix Bash shell in the software version Observer 4.5.2 which is ready for download at www.netavis.net.

NVR Units Are Vulnerable to Shellshock/Bashdoor

Due to many video surveillance NVR recording devices implementing Linux and Unix-derivative operating systems, SecurityHive thought it was important to post information about this known security vulnerability. If you have an IP-based NVR solution in your environment, we encourage you to contact your manufacturer to determine if you need to take action to protect your system from this known issue.

Researcher Finds Major Security Holes In IZON Surveillance Camera

October 26, 2013 — CSO — The IZON surveillance camera sold in Apple Stores and Best Buy outlets is filled with security holes that enable a hacker to easily commandeer the device, a security researcher said. Mark Stanislav, security evangelist for two-factor authentication platform vendor Duo Security, started investigating the camera after buying the Wi-Fi device for his home and discovering it was configured, so anyone could access the device if it’s on the Internet. Stanislav’s findings, presented this week at the Rochester Security Summit in Rochester, N.Y., were startling. With only an IP address for the device, a person could log into the Web interface of any IZON camera, using the default user name and password, which was “user” for both, Stanislav said. Once logged in, a person could view everything the camera sees within the home. Stanislav found the credentials hardcoded in the camera manufactured by Stem Innovation. The IZON is managed through an iPhone or iPad mobile app available for free on Apple’s App Store. Stem Innovation did not respond to requests for comment. Within the mobile app, Stanislav found the hardcoded credentials for administration privileges, which means a person could set alerts and make other configuration changes. The camera has a motion and an audio sensor that can be turned on when people are away from their homes. The purpose of the credentials stored in the app is to perform firmware updates. However, there are certainly tradeoffs in security. “This camera was (according to Stem […]