Sunday, April 16, 2017

Submit a Report - Watchdog

C'mon people!! Tell Comcast how you feel!!!
  

File a Report with TRUSTe

  • TRUSTe requests that you provide a working e-mail address where you can be reached, especially if there are questions or more information is needed. If you consent to TRUSTe sharing your information with the site you reported, TRUSTe will share your report and personally identifiable information with the site you reported. This is often needed in the event the site has to research account-specific issues or make changes to your data or account; such issues often cannot be resolved without being able to provide identifying information to the company you reported.

  • Please enter the details of your complaint. This should include a clear description of the issue and the steps of how to duplicate the problem, if possible. If you wish to include an attachment, you can do so below. Do not include sensitive information such as credit card, social security number or password.


    Before you submit a complaint to TRUSTe, you should attempt to contact the site you are reporting directly to allow them to resolve your concern. Please select when you contacted the site:

    How did you contact the site? Please include as much detail as possible about their response.


    Please describe the action(s) you would like the Site to take to resolve this issue.


    If you are a registered user, please login first to submit a request. If you wish to receive a response or be reachable for questions/updates, you must provide a working e-mail address where you can receive e-mail. Please note that certain requests (such as those requiring account-specific research or changes) cannot be resolved without being able to provide identifying information to the company you reported.

    You are welcome to use your real name or use NoName if you do not wish to provide your name. Providing your name generally helps expedite resolution if the company you are reporting has to look up your specific account.









    Saturday, April 15, 2017

    BREAKING: Palm Beach Passes Tax to Make Trump Pay for His OWN Vacations. Support?

    I didn't vote for him and I most definitely do not want to pay more taxes for Trump's excessive travel and spending. 


    Palm Beach officials proposed a tax on Trump's Mar-a-Lago resort to cover the cost of his frequent visits. Trump will finally have to pay for his own frequent golf trips.

    According to CNN, Trump's many travels cost taxpayers over $20 million in the first eighty days of his presidency. This cost represents 21 days at Mar-a-Lago.

    That amounts to one-quarter of his time as president spent golfing in Palm Beach, Florida. Well, his travels not only cost the American taxpayer, but also Palm Beach County, and residents are NOT happy.

    Trump's trips cost the county $60,000 PER DAY for law enforcement overtime. That brings the total to over $2 million for the president's first 80 days in office, according to The Orlando Sentinel.

    The county is still looking for the federal reimbursement. So, to combat the county expenses for Trump, County Commissioner Dave Kerner proposed a tax on Trump's resort to cover the costs.

    "We're very honored to have the president here, but at the same time, his travel here is such high frequency he's not visiting Palm Beach County — he's governing from it," Kerner told Money Magazine.

    Kerner went on to make it clear that Palm Beach taxpayers did not sign up for this ludicrous expense. "Whatever our priorities are, the taxpayers didn't pay this money to us to protect the president," Kerner said.

    The tax on Mar-a-Lago would help with some of the county's expenses, but it needs more. That's why Rep. Lois Frankel (D-Fla.) who represents Palm Beach, called on the government to provide reimbursements for the local governments' security costs or for Trump to cut back on his visits.

    It is ridiculous for counties and cities to pay for Trump's many escapades. If Trump is so rich, he should have no problem footing his own bill.

    Don't you think Trump should be paying for his own frequent vacations?

    POLL: Should Trump pay for his Mar-a-Lago trips?

    Trump has already spent an absurd amount of money on his golfing trips to Mar-a-Lago. It has put an extreme financial burden on the citizens of Palm Beach.

    Trump claims to be filthy rich. Shouldn't he pay for his own vacations instead of relying on hardworking Americans to foot the bill? Tell Trump what you really think in the poll below.

    At the rate Trump is going, he will bypass the total costs of President Obama's vacations over an eight-year period IN ONLY ONE YEAR. This from the president who tweeted that Obama took too many vacations and needed to stay in the White House.

    His travels are so frequent that Homeland Security Secretary John Kelly requested additional funding for the Secret Service. Apparently, Secret Service agents work so much overtime to protect Trump that they had to call in other agents around the country.

    This is an atrocious use of taxpayer money. The citizens of Palm Beach deserve better. We hope that the new tax on Mar-a-Lago provides much-needed relief soon.

    If you agree that Trump takes too many vacations and that local governments should receive reimbursement for them, please take our poll and share this article on Facebook.




    Thursday, April 13, 2017

    Donald Trump Mar-a-Lago


    Mar-a-Lago

    A peek inside Donald Trump's historic Palm Beach palace

    Text by Barbara Marshall
    Cover photo by Damon Higgins

    Marjorie Merriweather Post's Mar-a-Lago

    Living Room

    Photo/C.J. Walker

    Winter White House

    A tough decision: Is it a museum, is it a presidential retreat or is it a private home? That's what the U.S. government tried to decide in 1979 when it visited the Mar-a-Lago estate. Rep. Phillip Burton (D-Calif., right) chats with the estate superintendent during the visit. (The Palm Beach Post file photo)

    Dining Room

    Donald Trump's Mar-a-Lago

    Trump's old 727 jet flies over Mar-a-Lago in a photograph staged with Trump's cooperation. (Photo/C.J. Walker)

    Mar-a-Lago Club

    Photo/C.J. Walker





    Here are the 61 passwords that powered the Mirai IoT botnet

    Here are the 61 passwords that powered the Mirai IoT botnet | CSO Online
    Internet of Shit!!!



    Mirai was one of two botnets behind the largest DDoS attack on record


    Default usernames and passwords have always been a massive problem in IT. These days, the consumer technology that envelops the Internet of Things (IoT) has only made the problem larger.

    Default credentials, which are ignored or too difficult for some people to change, are behind the development of a botnet that took part in the largest DDoS attack on record.

    The usernames and passwords below were used to enable the Mirai botnet, which is powered by IoT technology. The botnet hit Brian Krebs with traffic topping out at 620Gbps, but it's also been linked to a DDoS against OVH (799Gbps).

    Mirai scans for telnet, and then uses the credentials below in an attempt to brute-force access to the device – which could be a camera, DVR, router, or other connected hardware.

    The passwords come from the botnet's source code, which was released by the author last week. Note: There is a duplicate password in the source code. So while scanner.c has 62 password lines to check, only 61 of them are unique combinations.

    The botnet required, at a minimum, two servers. However, Mirai's author said he hosted the botnet with two VPS accounts, one server to act as a C&C, and three servers to add additional load balancing.

    At peak, Mirai had nearly 400,000 devices connected to it from telnet scanning alone. After the attack on Brian Krebs, this shrank down to about 300,000, due to ISPs attempting to correct the easily obtained access.

    Along with releasing the botnet source code, the author of Mirai also released detailed instructions for configuration and set-up.

    So it won't be long before similar botnets start showing up on the Web.
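
A defender-side view of the telnet credential cycling described above, as an added example that is not from the CSO article or from the Mirai source: it flags a source address that fails logins under several different usernames within a short window, and escalates when a successful login follows such a burst. The log format, thresholds and sample lines are constructed for illustration; adapt the pattern to whatever your telnet or gateway logs actually emit.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real daemon's output):
#   <ISO timestamp> telnetd[<pid>]: login <FAILED|OK> user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd\[\d+\]: login (?P<result>FAILED|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

WINDOW = timedelta(seconds=60)  # sliding window kept per source address
MIN_FAILURES = 5                # failed logins inside the window
MIN_USERS = 3                   # distinct usernames among those failures

# Constructed sample: one address cycling usernames and then getting in,
# and one user who mistypes a password twice (must not be flagged).
SAMPLE = """
2017-04-13T10:00:00 telnetd[101]: login FAILED user=root src=198.51.100.7
2017-04-13T10:00:02 telnetd[102]: login FAILED user=admin src=198.51.100.7
2017-04-13T10:00:04 telnetd[103]: login FAILED user=support src=198.51.100.7
2017-04-13T10:00:06 telnetd[104]: login FAILED user=root src=198.51.100.7
2017-04-13T10:00:08 telnetd[105]: login FAILED user=guest src=198.51.100.7
2017-04-13T10:00:10 telnetd[106]: login OK user=admin src=198.51.100.7
2017-04-13T10:05:00 telnetd[107]: login FAILED user=alice src=192.0.2.20
2017-04-13T10:05:05 telnetd[108]: login FAILED user=alice src=192.0.2.20
2017-04-13T10:05:09 telnetd[109]: login OK user=alice src=192.0.2.20
"""


def parse(line):
    """Return (timestamp, result, user, src) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect(lines):
    """Return alerts as (kind, src, detail) tuples, in log order."""
    failures = defaultdict(deque)  # src -> (timestamp, user) of recent failures
    flagged = set()                # sources already reported as sweeping
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, result, user, src = event
        window = failures[src]
        # Drop failures that have aged out of the sliding window.
        while window and ts - window[0][0] > WINDOW:
            window.popleft()
        if result == "FAILED":
            window.append((ts, user))
        users = {u for _, u in window}
        sweeping = len(window) >= MIN_FAILURES and len(users) >= MIN_USERS
        if result == "FAILED" and sweeping and src not in flagged:
            # Report the sweep once per source, not on every further failure.
            flagged.add(src)
            alerts.append(("credential_sweep", src, sorted(users)))
        elif result == "OK" and sweeping:
            # A success right after a sweep means a guessed credential worked:
            # treat the device as compromised and rotate its password.
            alerts.append(("login_after_sweep", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```

Requiring several distinct usernames keeps a single user's repeated typos from firing the rule, while the `login_after_sweep` alert is the one to page on.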

    [Image: Mirai botnet passwords]

    Steve Ragan is senior staff writer at CSO. Prior to joining the journalism world in 2005, Steve spent 15 years as a freelance IT contractor focused on infrastructure management and security.




    FBI obtained FISA warrant to monitor Trump adviser Carter Page

    FBI obtained FISA warrant to monitor Trump adviser Carter Page - The Washington Post


    The FBI obtained a secret court order last summer to monitor the communications of an adviser to presidential candidate Donald Trump, part of an investigation into possible links between Russia and the campaign, law enforcement and other U.S. officials said.

    The FBI and the Justice Department obtained the warrant targeting Carter Page's communications after convincing a Foreign Intelligence Surveillance Court judge that there was probable cause to believe Page was acting as an agent of a foreign power, in this case Russia, according to the officials.

    This is the clearest evidence so far that the FBI had reason to believe during the 2016 presidential campaign that a Trump campaign adviser was in touch with Russian agents. Such contacts are now at the center of an investigation into whether the campaign coordinated with the Russian government to swing the election in Trump's favor.

    Page has not been accused of any crimes, and it is unclear whether the Justice Department might later seek charges against him or others in connection with Russia's meddling in the 2016 presidential election. The counterintelligence investigation into Russian efforts to influence U.S. elections began in July, officials have said. Most such investigations don't result in criminal charges.

    The officials spoke about the court order on the condition of anonymity because they were not authorized to discuss details of a counterintelligence probe.

    Team Trump's ties to Russian interests

    During an interview with the Washington Post editorial page staff in March 2016, Trump identified Page, who had previously been an investment banker in Moscow, as a foreign policy adviser to his campaign. Campaign spokeswoman Hope Hicks later described Page's role as "informal."

    Page has repeatedly denied any wrongdoing in his dealings with the Trump campaign or Russia.

    "This confirms all of my suspicions about unjustified, politically motivated government surveillance," Page said in an interview Tuesday. "I have nothing to hide." He compared surveillance of him to the eavesdropping that the FBI and Justice Department conducted against civil rights leader Martin Luther King Jr.

    [Despite early denials, growing list of Trump camp contacts with Russians haunts White House]

    The White House, FBI and Justice Department declined to comment.

    FBI Director James B. Comey disclosed in public testimony to the House Intelligence Committee last month that the bureau is investigating efforts by the Russian government to interfere in the 2016 presidential election.

    Comey said this includes investigating the "nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia's efforts."

    Trump lists Carter Page among his foreign policy team in 2016


    During an interview with The Washington Post's editorial board on March 21, 2016, then-presidential candidate Donald Trump named Carter Page as one of his forei (The Washington Post)

    Comey declined to comment during the hearing about any individuals, including Page, who worked in Moscow for Merrill Lynch a decade ago and who has said he invested in Russian energy giant Gazprom. In a letter to Comey in September, Page had said he had sold his Gazprom investment.

    During the hearing last month, Democratic lawmakers repeatedly singled out Page's contacts in Russia as a cause for concern.

    The judges who rule on Foreign Intelligence Surveillance Act (FISA) requests oversee the nation's most sensitive national security cases, and their warrants are some of the most closely guarded secrets in the world of U.S. law enforcement and intelligence gathering. Any FISA application has to be approved at the highest levels of the Justice Department and the FBI.

    Applications for FISA warrants, Comey said, are often thicker than his wrists, and that thickness represents all the work Justice Department attorneys and FBI agents have to do to convince a judge that such surveillance is appropriate in an investigation.

    The government's application for the surveillance order targeting Page included a lengthy declaration that laid out investigators' basis for believing that Page was an agent of the Russian government and knowingly engaged in clandestine intelligence activities on behalf of Moscow, officials said.

    Among other things, the application cited contacts that he had with a Russian intelligence operative in New York City in 2013, officials said. Those contacts had earlier surfaced in a federal espionage case brought by the Justice Department against the intelligence operative and two other Russian agents. In addition, the application said Page had other contacts with Russian operatives that have not been publicly disclosed, officials said.

    [Former Trump adviser admits to 2013 communication with Russian spy]

    An application for electronic surveillance under the Foreign Intelligence Surveillance Act need not show evidence of a crime. But the information obtained through the intercepts can be used to open a criminal investigation and may be used in a prosecution.

    The application also showed that the FBI and the Justice Department's national security division have been seeking since July to determine how broad a network of accomplices Russia enlisted in attempting to influence the 2016 presidential election, the officials said.

    Since the 90-day warrant was first issued, it has been renewed more than once by the FISA court, the officials said.

    In February, Page told "PBS NewsHour" that he was a "junior member of the [Trump] campaign's foreign policy advisory group."

    A former Trump campaign adviser said Page submitted policy memos to the campaign and several times asked to be given a meeting with Trump, though his request was never granted. "He was one of the more active ones, in terms of being in touch," the adviser said.

    The campaign adviser said Page participated in three dinners held for the campaign's volunteer foreign policy advisers in the spring and summer of 2016, coming from New York to Washington to meet with the group. Although Trump did not attend, Sen. Jeff Sessions (R-Ala.), a top Trump confidant who became his attorney general, attended one meeting of the group with Page in late summer, the campaign adviser said.

    Page's role as an adviser to the Trump campaign drew alarm last year from more-established foreign policy experts in part because of Page's effusive praise for Russian President Vladimir Putin and his criticism of U.S. sanctions over Moscow's military intervention in Ukraine.

    In July, Page traveled to Moscow, where he delivered a speech harshly critical of the United States' policy toward Russia.

    While there, Page allegedly met with Igor Sechin, a Putin confidant and chief executive of the energy company Rosneft, according to a dossier compiled by a former British intelligence officer and cited at a congressional hearing by Rep. Adam B. Schiff (Calif.), the ranking Democrat on the House Intelligence Committee. Officials said some of the information in the dossier has been verified by U.S. intelligence agencies, and some of it hasn't, while other parts are unlikely to ever be proved or disproved.

    On Tuesday, Page dismissed what he called "the dodgy dossier" of false allegations.

    Page has denied such a meeting occurred, saying he has never met Sechin in his life and that he wants to testify before Congress to clear his name. A spokesman for Rosneft told Politico in September that the notion that Page met with Sechin was "absurd." Page said in September that he briefly met Russian Deputy Prime Minister Arkady Dvorkovich during that trip.

    Comey has declined to discuss the details of the Russia probe, but in an appearance last month, he cited the process for getting FISA warrants as proof that the government's surveillance powers are very carefully used, with significant oversight.

    "It is a pain in the neck to get permission to conduct electronic surveillance in the United States. And that's good," he told an audience at the University of Texas in Austin.

    Officials have said the FBI and the Justice Department were particularly reluctant to seek FISA warrants of campaign figures during the 2016 presidential race because of concerns that agents would inadvertently eavesdrop on political talk. To obtain a FISA warrant, prosecutors must show that a significant purpose of the warrant is to obtain foreign intelligence information.

    [How hard is it to get an intelligence wiretap? Pretty hard.]

    Page is the only American to have had his communications directly targeted with a FISA warrant in 2016 as part of the Russia probe, officials said.

    The FBI routinely obtains FISA warrants to monitor the communications of foreign diplomats in the United States, including the Russian ambassador, Sergey Kislyak. The conversations between Kislyak and Michael Flynn, who became Trump's first national security adviser, were recorded in December. In February, The Washington Post reported that Flynn misled Vice President-elect Mike Pence and others about his discussions with Kislyak, prompting Trump's decision to fire him.

    In March, Trump made unsubstantiated claims about U.S. surveillance of Trump Tower in New York. Later that month, Rep. Devin Nunes (R-Calif.), chairman of the House Intelligence Committee and a Trump transition official, charged that details about people "associated with the incoming administration, details with little apparent foreign intelligence value" were "widely disseminated" in intelligence community reporting. He said none of the surveillance was related to Russia. The FISA order on Page is unrelated to either charge.

    Last month, the former director of national intelligence, James R. Clapper Jr., told NBC's "Meet the Press" that U.S. law enforcement agencies did not have any FISA orders to monitor the communications of Trump, either as a candidate or as a president-elect, or his campaign. But Clapper did not address whether there were any FISA warrants targeting Trump associates.

    Three years before Page became an adviser to the Trump campaign, he came to the attention of FBI counterintelligence agents, who learned that Russian spy suspects had sought to use Page as a source for information.

    In that case, one of the Russian suspects, Victor Podobnyy — who was posing as a diplomat and was later charged by federal prosecutors with acting as an unregistered agent of a foreign government — was captured on tape in 2013 discussing an effort to get information and documents from Page. That discussion was detailed in a federal complaint filed against Podobnyy and two others. The court documents in that spy case only identify Page as "Male 1." Officials familiar with the case said that "Male 1" is Page.

    In one secretly recorded conversation, detailed in the complaint, Podobnyy said Page "wrote that he is sorry, he went to Moscow and forgot to check his inbox, but he wants to meet when he gets back. I think he is an idiot and forgot who I am. Plus he writes to me in Russian [to] practice the language. He flies to Moscow more often than I do. He got hooked on Gazprom thinking that if they have a project, he could rise up. Maybe he can. I don't know, but it's obvious that he wants to earn lots of money."


    The same court document says that in June 2013, Page told FBI agents that he met Podobnyy at an energy symposium in New York, where they exchanged contact information. In subsequent meetings, Page shared with the Russian his outlook on the state of the energy industry, as well as documents about the energy business, according to the court papers.

    In the secret tape, Podobnyy said he liked the man's "enthusiasm" but planned to use him to get information and give him little in return. "You promise a favor for a favor. You get the documents from him and tell him to go f--- himself," Podobnyy said on the tape, according to court papers.

    Page has said the information he provided to the Russians in 2013 was innocuous, describing it as "basic immaterial information and publicly available research documents." He said he had assisted the prosecutors in their case against Evgeny Buryakov, who pleaded guilty to conspiring to act in the United States as an unregistered agent of Russian intelligence.

    Rosalind S. Helderman contributed to this report.





    Data breaches through wearables put target squarely on IoT in 2017

    Data breaches through wearables put target squarely on IoT in 2017 | JavaWorld


    Security needs to be baked into IoT devices for there to be any chance of halting a DDoS attack, according to security experts.


    Forrester predicts that more than 500,000 internet of things (IoT) devices will suffer a compromise in 2017, dwarfing Heartbleed. Drop the mic — enough said.

    The sheer velocity with which distributed denial-of-service (DDoS) attacks spread through common household items such as DVR players makes this sector scary from a security standpoint.

    "Today, firms are developing IoT firmware with open source components in a rush to market. Unfortunately, many are delivering these IoT solutions without good plans for updates, leaving them open to not only vulnerabilities but vulnerabilities security teams cannot remediate quickly," write Forrester analysts.

    The analyst firm adds that when smart thermostats alone exceed 1 million devices, it's not hard to imagine a vulnerability that easily exceeds the scale of Heartbleed. Security as an afterthought for IoT devices is not an option, especially when you can't patch IoT firmware because the vendor didn't plan for over-the-air patching.

    Alex Vaystikh, co-founder/CTO of advanced threat detection software provider SecBI, says small-to-midsize businesses and enterprises alike will suffer breaches originating from an insecure IoT device connected to the network. The access point will be a security camera, climate control, an old network printer, or even a remote-controlled lightbulb. This was demonstrated in September in a major DDoS attack on the web site of security expert Brian Krebs. A hacker found a vulnerability in a brand of IoT camera and caused millions of them to simultaneously make HTTP requests from Krebs' site. 

    "It successfully crashed the site, but DDoS attacks are not a great way to make money. However, imagine an IoT camera within a corporate network being hacked. If that network also contains the company's database center, there's no way to stop the hacker from making a lateral move from the compromised camera to the database," Vaystikh said. "This should scare organizations into questioning the popular BYOD mentality. We are already seeing a lot of CCTVs being hacked within organizations." 

    Florin Lazurca, senior technical manager at Citrix, believes that consumers will be a target of opportunity in 2017. Innovative criminal enterprises will devise ways to monetize on potentially billions of internet-facing devices that many times do not meet stringent security controls. "Want to browse the internet? Pay the ransom. Want to use your baby monitor? Pay the ransom. Want to watch your smart TV? Pay the ransom," Lazurca says.


    Mike Kelly, CTO of Blue Medora, agrees, stating that, "the inability to quickly update something, such as your home thermostat, is where we will see the risk. It's not about malware getting on the devices, the focus will need to be on the ability to remediate the issue. Like we saw with Windows, there will be a slew of vulnerabilities, but unlike with a computer, patching won't be as easy with IoT devices," he says.

    More connected devices will create more data, which has to be securely shared, stored, managed and analyzed. As a result, databases will become more complex and the management burden will increase. Those organizations that can most effectively monitor their database layer to optimize peak performance and resolve bottlenecks will be in a better position to exploit the opportunities the IoT will bring, he says.

    Lucas Moody, CISO at Palo Alto Networks, says security has to be baked into the IoT devices – not be an afterthought. The bloom of IoT devices has security practitioners in the hot seat, with industry analysts suggesting a possible surge up to 20 billion devices by 2020.

    "Given the recent upward trend in both frequency and intensity of DDoS attacks of late, 2017 will introduce an entirely new challenge that security teams will need to contend with; how do we secure devices, many of which are by design dumb and, for that matter, cheap?," he says. 

    Large corporations are still challenged with finding security talent to manage security in the "traditional" sense, leaving IoT startups to fend for themselves in a digital economy. 

    Moody asks, can they keep up? For the interconnected future of cars, televisions and refrigerators, maybe, but maintaining the security of smaller – and seemingly less critical items – such as toasters, thermostats, and pet feeders, it seems unlikely.

    "Security has to be baked into these technologies from the conception and design stages all throughout development and roll-out. Security practitioners will need to do more than just scramble to develop strategies to address this pivotal trend," he says.

    Corey Nachreiner, CTO at WatchGuard Technologies, predicts that IoT devices will become the de facto target for botnet zombies. With the sheer volume of internet-connected devices growing every year, IoT represents a huge attack surface for hackers. More disturbingly, many IoT manufacturers do not create devices with security in mind, and therefore release devices full of potential vulnerabilities. Many of their products have vulnerabilities that were common a decade ago, providing easy pickings for cyber criminals.

    Many IoT devices coming on the market have proprietary operating systems, and offer very little compute and storage resources. Hackers would have to learn new skills to reverse engineer these devices, and they don't provide much in terms of resources or data for the attacker to steal or monetize. On the other hand, another class of IoT products are devices running embedded Linux. These devices look very familiar to hackers. They already have tools and malware designed to target them, so "pwning" them is as familiar as hacking any Linux computer.

    "On top of that, the manufacturers releasing these devices seem to follow circa 2000 software development and security practices. Many IoT devices expose network services with default passwords that are simple for attackers to abuse," Nachreiner says.

    He cited the leaking of the source code for the Mirai IoT botnet. This botnet included a scanner that automatically searched the internet to find unsecured, Linux-based IoT devices, and take them over using default credentials. With this leaked code, criminals were able to build huge botnets consisting of hundreds of thousands of IoT devices. They used these IoT botnets to launch gigantic DDoS attacks that generated up to 1Tbps of traffic; the largest ever recorded.

    In 2017, criminals will expand beyond DDoS attacks and leverage these botnets for click-jacking and spam campaigns to monetize IoT attacks in the same way they monetized traditional computer botnets. Expect to see IoT botnets explode next year, he says.

    Mike Davis, CTO at CounterTack, believes IoT will continue to be a part of the threat conversation in the coming year, but fundamentally there will be a massive change in the risks associated with the devices — it won't be about security, it will be about patching. 

    Hold your IoT security hyperbole

    Stan Black, CSO at Citrix, says we need to dispel security myths around emerging technology like IoT, machine learning and artificial intelligence.

    "Many people are afraid to adopt these emerging technologies for fear that they may be their security downfall, but as with any technology, the same security 1-2-3s apply. Change the admin username and password, allow and enable devices on separate networks (separate from the networks used to pass sensitive data), create management and access policies, and above all, make sure that employees are educated about how, when and where to use these kinds of technologies," he says. 

    Adoption of emerging tech like IoT can actually have more security benefits than challenges, if implemented correctly, Black says. The same goes for machine learning. The security wave of the future includes these technologies, so it's best for businesses to learn about them early, learn about the benefits and reap the rewards of clouds, devices and networks that can learn from, and adapt to, changing behaviors to make for a stronger security posture.

    The wave of the future will be computers that can grant or deny access based on fingerprinted keyboards that can sense the normal amount of pressure your fingers normally apply. Taking advantages of benefits like these will help companies move to a new security infrastructure and mindset, he predicts. 

    "The mobile devices we depend on every day are loaded with sensors, heat, touch, water, impact, light, motion, location, acceleration, proximity, etc. These technologies have numerous applications including sensing motion and location to ensure people are safe when they travel," Black adds.

    These devices are rarely protected or maintained with the same vigor as corporate IT systems, making them generally more vulnerable to being compromised and drafted into a zombie army. This situation is nothing new, but in the next year we can expect to see "personal networks of things" reside in homes with gigabit internet connections — like those offered by Google and AT&T — and so make home networks far more interesting, especially if vulnerabilities in popular home devices can be exploited mechanically (e.g., how the Mirai botnet was built).

    Consumers will need to protect their personal networks from this new version of Mirai botnets, creating demand for services that safeguard them. More importantly, vendors will need to adopt better standards for protection of devices. If the Mirai botnet is any indication, the lack of security in device design is still quite profound, Black says.

    Speaking of standards

    Steven Sarnecki, vice president of federal and public sector at OSIsoft, pointed to the National Institute of Standards and Technology's (NIST) National Cyber Center of Excellence for a glimpse of what is to come. NIST is currently piloting a project to assess how energy companies can better utilize connected devices to integrate and increase security, with hopes of sharing those best practices and insights across the energy sector.

    "As more companies wake up to the reality of IoT security threats, these solutions will become more commonplace, enabling enterprises to markedly increase their security footprint with only minimal incremental cost," he says.

    Sarnecki adds that in 2017 he would expect a large portion of IoT users, especially within the enterprise and industrial spaces, to begin to seriously consider the "internet of threats" aspect posed by IoT to their networks. Energy companies, water utilities, and many other critical infrastructure sectors rely on connected devices to support their missions.

    Jeannie Warner, security manager at WhiteHat Security, agrees that new guidelines will emerge from organizations such as NIST requiring that application security vendors partner with device manufacturers and testing labs to deliver secure IoT systems. 

    "The internet of things is growing daily, with smart devices and controlling applications at the core of every business from healthcare to smart cars and smart buildings. It's essential to protect smart anything from attackers attempting to exploit their vulnerabilities," she says.

    In the same way manufacturing safety testing via the American National Standards Institute controls new releases in devices, she believes NIST SP 800 or a similar body will form guidelines for a comprehensive security assurance through the integration of dynamic application scanning technology and rigorous device controls testing.

    Commonalities in all IoT systems include controls for tracking and sensing interfaces, together with web- or mobile-enabled control applications, which combine to expand the borders of the security ecosystem, she says. New guidelines will (ideally) force more application security vendors to partner with device control testing labs to support manufacturing earlier in the development process, helping innovative organizations manage risk by identifying vulnerabilities early in development, continuing to monitor challenges during testing, and releasing more secure products.

    Big data

    The enterprise has paid attention to IoT for some time, though 2017 will be the year we move past the "wow" phase and into the "how do we securely and effectively bring IoT to the enterprise, how do we handle the high speed data ingest, and how do we optimize analytics and decisions based on IoT data," says Redis Labs Vice President of Product Marketing Leena Joshi.

    Mark Bregman, Chief Technology Officer at NetApp, believes 2017 will be about capitalizing on the value of data. The explosion of data in today's digital economy has introduced new data types, privacy and security concerns, the need for scale and a shift from using data to run the business to recognizing that data is the business.

    Off-line data analytics and threat hunting become endless money pits, says Gunter Ollmann of Vectra Networks. "We're told, and we observe, that each year our corporate data doubles. That power-of-two exponential growth, after merely four years of storing, mining, and analyzing logs for threats, means a 16-fold increase in overall costs — with an accompanying scaled delay in uncovering past threats."
