
Terminator and SkyNet might be here before you think!

Terminator movies have taught us a couple of important lessons – whatever you do, you cannot control destiny. And don’t hand all the control to the machines.

That said – with IoT beginning to connect ‘Things’ and with no security standards (well, not many of them anyway) established during the IoT wars, don’t you wonder if that ‘smart’ machine in your home or office is secure enough and will absolutely do what it’s supposed to do?

Time to think again! A recent publication by SCMagazine clearly articulates the fact that it’s about time that security was made paramount before going live with anything that is ‘smart’ enough to take decisions.

An excerpt follows:

As many of these “smart” machines are self-propelled, it is important that they’re secure, well protected, and not easy to hack. If not, instead of helpful resources they could quickly become dangerous tools capable of wreaking havoc and causing substantive harm to their surroundings and the humans they’re designed to serve. We’re already experiencing some of the consequences of substantial cybersecurity problems with Internet of Things (IoT) devices that are impacting the Internet, companies and commerce, and individual consumers alike. Cybersecurity problems in robots could have a much greater impact. When you think of robots as computers with arms, legs, or wheels, they become kinetic IoT devices that, if hacked, can pose new serious threats we have never encountered before. As human-robot interactions improve and evolve, new attack vectors emerge and threat scenarios expand. Mechanical extremities, peripheral devices, and human trust expand the area where cybersecurity issues could be exploited to cause harm, destroy property, or even kill.

Reference: https://media.scmagazine.com/documents/287/hacking-robots-before-skynet_71714.pdf

There are references to incidents where life-threatening situations occurred because security was lacking, for example:

  • A robot security guard at the Stanford Shopping Center in Silicon Valley knocked down a toddler; fortunately, the child was not seriously hurt
  • A Chinese-made robot had an accident at a Shenzhen tech trade fair, smashing a glass window and injuring someone standing nearby
  • In 2007 a robot cannon killed 9 soldiers and seriously injured 14 others during a  shooting exercise due to a malfunction
  • Robotic surgery has been linked to 144 deaths in the US by a recent study

Time to wake up to the reality that (cyber) security controls are more than desirable for robotics, let alone IoT, the mother ship of connectivity (which increases the attack and exploit surface manifold).

Bottom line: Letting go of control to leverage automation may not be a good idea unless there are strict security norms and cyber security controls in place.

Watch out – that smart machine may be just too smart for your liking!!!


Posted by on March 15, 2017 in IoT Security

 

Ransomware as a Service – It’s as real as it gets!

The world of information technology is changing rapidly. So much so that you can now get your hands on a service that offers everything from creating ransomware to commission-based returns on jacked machines. Yes, that’s true.

Here’s an excerpt from an ‘underground’ forum:


Satan is a free to use ransomware kit, you only need to register on the site to start making your viruses. Satan only requires a user name and password to create an account, although, if you wish, you can set a public key for two-factor authentication.
Satan has an initial fee of 30% over the victim’s payment, however, this fee will get lower as you get more infections and payments. All of the user transactions are covered by the server, you’ll always get what the victim paid, minus the fee of course.

When creating your malware you can specify the ransom value (in bitcoins), a multiplier for the ransom after X days have passed, the number of days after the multiplier takes place, a private note so you can keep track of your victims.
Satan is free. You just have to register on the site.
Satan is very easy to deploy, you can create your ransomware in less than a minute.
Satan uses TOR and Bitcoin for anonymity.
Satan’s executable is only 170kb.

If English is not your first language or you speak a second language you can translate the ransom notes to help your victims understand better what is happening.
In case you’re looking for a way to spread the ransomware, there is a droppers page, where you can generate a crude code for a Microsoft Word macro and CHM file.

If you have any problem with the ransomware, you can report it using the leftmost button on the malwares table. The middle blue button is used to update the malware to a newer version, if available, and the green one is used to edit your malware configuration.


 

All in all – this is a big step forward in luring in and incubating talent pertinent to ‘Anti-Security’ professionals a.k.a. hackers, attackers, and the list goes on.

The humorous part is that the way this has been publicized is much, much better than any security vendor’s product or service offering in terms of marketing the packaged product. And it’s an excellent business model for the provider, as it not only fuels their current investment but also takes it a notch up and adds the revenue from the exploits to the next iteration of R&D.

 

Posted by on February 7, 2017 in Security Posts

 

Security Keynote at Total Security Conference

Last week I delivered a Keynote at Total Security Conference in Hong Kong. This was to share today’s security trends and Juniper’s vision on cloud as the platform to deliver security. It was both really insightful and fun connecting with the audience, understanding the security landscape in the region, and getting to know what the C-Level is looking for from a solution perspective to tag along with the business imperatives.

Get a sneak peek of the session at http://www.questexevent.com/TotalSecurityConference/2016/hongkong

The slides used for the keynote should be available shortly.

Here are a few photos from the event.

 

Posted by on May 17, 2016 in Events

 

CIPTV2, It’s Official. And it’s here!!!

Yes, that’s right. Of the two books which were soon to be published – one is published. And so, it’s official – my third book (this time as a co-author) in its physical self – hard cover, 450+ pages. Feeling excited and ecstatic!!!

If this topic interests you or someone you know, please read it or recommend it and provide your invaluable feedback. The book is available at the following link.

http://click.linksynergy.com/deeplink?id=aV8WWcTd0Yc&mid=24808&murl=http%3A%2F%2Fwww.ciscopress.com/store/implementing-cisco-ip-telephony-and-video-part-2-ciptv2-9781587144554

 


 

Posted by on March 29, 2016 in CCNP Collaboration

 


Third Time is a Charm!!! Upcoming CIPTV1 and CIPTV2 Books

It’s said that the third time is a charm. Looks like that is indeed the case when it comes to me authoring books.

After the first two books – Securing Cisco IP Telephony Networks and CCIE Collaboration Quick Reference, I’ve yet again conjured my author spirit and have co-authored two more Cisco Press books.

The first to hit the shelves in late Mar to early Apr 2016 is Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2) followed by Implementing Cisco IP Telephony and Video, Part 1 (CIPTV1) which is set to be released in Jul 2016. These are part of the new CCNP Collaboration exam and are absolutely revamped from earlier avatars.

CIPTV1 addresses CCNP Collaboration Exam 300-070 while CIPTV2 addresses exam 300-075.

Both books are available for pre-order (both e-book and paperback) at the following links:

Addressing CUCM architecture to design to deployment, Cisco VCS, Cisco Telepresence based Video Conferencing, Cisco Expressway, and many more topics – these books pack a punch!!! Of course, they’re aligned with the CCNP Collaboration exam blueprint, so they are go-to reference material to pass the CIPTV1 and CIPTV2 exams with flying colours.


I hope you enjoy reading these books as much as I enjoyed writing them 🙂

 

P.S. More stuff to follow including webinars, excerpts, reviews and much more shortly.

 

Posted by on March 14, 2016 in UC Security Posts

 


Cisco IP Phones Cannot be Turned Into Listening Devices! – By Aurus

I was requested to post this topic by Aurus, a Cisco Solution Partner that develops software solutions on top of Cisco UCM, UCCX/UCCE and TelePresence. Remember the funtenna story? If you didn’t hear about it or missed it, I have it posted in one of my earlier blogs. Nevertheless – Enjoy this post 🙂

Disclaimer: This post is written/edited by Aurus and represents their thoughts and products/services. The blog author makes no representations as to the accuracy or completeness of any information on this post. The blog author will not be liable for any errors or omissions in this information nor for the availability of this information.


 

Hello Everyone,

And thanks to the blog author for posting this. Here is the story…

We’re Russians. For several years we have developed apps which add extra features to Cisco collaboration solutions and some of them are used to improve the enterprise security (call recording, paging, secure conferences etc). Every month we receive a request from some Chief Security Officer asking whether it’s possible to turn the Cisco IP-Telephony into a network of microphones.

Ok, we are used to hearing that question from Russian CSOs but last year we went global and started selling worldwide. Guess what? Yes, the same requests from other countries.

So, to all security chiefs in the world. With all respect to your job, please note…
You can:
• Record CUCM calls,
• Monitor (listen in real time) calls,
• Barge-in and “whisper”.

You can NOT:
• Turn on the IP phone external mic remotely to hear what’s happening in the office WITHOUT indication on the phone (the yellow speakerphone LED and the icon on the IP phone display)

You’re welcome to:
• Try our products,
• Discuss how to improve the corporate security with UC apps.

You’re NOT welcome to:
• Ask us to hijack the Cisco firmware,
• Ask us to turn the speakerphone LED off.

Compared to other major UC vendors, Cisco provides the most powerful official developer tools allowing Cisco’s technology partners to build UC apps, including those improving the collaboration security:
• Call recording – total and on-demand,
• Text and audio paging – to the desktop and mobile phones,
• Cisco IP phone lock – to prevent its abuse when the phone owner is away,
• Protecting audio-conference with PIN or Caller ID,
• Extension Mobility Single-Sign-On.

More apps and case studies are available at Aurus website http://www.aurus5.com/

 

Posted by on February 22, 2016 in UC Security Posts

 


A Book Edit I did and wasn’t aware of!

Yes, the title says it all – a book for which I was invited to be a contributing editor alongside my dearest / my better half – Kanika Behl. It’s so easy to do some quality work and forget about it amidst all the other usual and hectic work and non-work related chores and errands.

So how did I come to know about it? I happened to browse Amazon looking for organizational dimensions on legal and technology aspects and, amongst many other titles, came across this title: Organizational, Legal, and Technological Dimensions of Information System Administration (Advances in Systems Analysis, Software Engineering, and High), reading through the content of which I saw my and my better half’s names in the Editorial Advisory Board.

http://goo.gl/acIhFY


What!? I remember we did this sometime back but whoa – never knew it was already published and was available on Amazon.

Anyways, happy to see our contributions being called out and would like to wish the authors of the title all the best with the same.

 

Posted by on June 9, 2015 in UC Security Posts