Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

Treck TCP/IP Library Flaws Discovered, Patches Issued

June 17, 2020 by Marc Handelman in Network Insecurity, IoT Insecurity, Supply-Chain Insecurity, Information Insecurity

via Juha Saarinen, writing at Australia's well-regarded ITNews, reports of security failures in the Treck TCP/IP library, comprimising a wide range of supply-chain related IoT infrastructure. A single ray of happy sunshine illuminating this mess is the apparent acknowledgement of the flawed bits, and issuance of patches for the lib under scrutiny. Today's unfortunate bad news/good news Must Read.

June 17, 2020 /Marc Handelman
Network Insecurity, IoT Insecurity, Supply-Chain Insecurity, Information Insecurity

Windows 10, IoT Core Test Subsystem Permits Device Control Seizure

March 06, 2019 by Marc Handelman in Information Insecurity, IoT Insecurity

Why of Why Did I Take The Blue Pill... via BleepingComputer writer Sergiu Gatlan comes research output by SafeBreach security research Dor Azouri, that the tests are focused on the ARM based release, and not the x86-64 product. More information is available at the project's Github site. Additionally, Dor's white paper detailing the project is available under the title "SirepRAT: RCE as SYSTEM on Windows IoT Core", a truly outstanding security project; and a H/T to Sergiu Gatlan - for his original superb reporting.

March 06, 2019 /Marc Handelman
Information Insecurity, IoT Insecurity