
January 6, 2014

Four Information Security Stories of 2013 You May Have Missed

http://www.wired.com/insights/2014/01/four-information-security-stories-2013-may-missed

Mark Stanislav

Each year, bloggers, industry leaders, and journalists pen their predictions for the
coming year's potential trends in information security. While it's certainly fun to
play Nostradamus once in a while, it's perhaps more useful to recap the important
events, people, and technologies that happened in 2013 that may have flown under
the radar for many people.


It was an easy year to lose important stories when situations like the Adobe breach
and Edward Snowden's NSA whistleblowing were happening, but now's the time to
make sure these stories have a chance to be heard before we start the tally on
2014's biggest news.

The FTC, TRENDnet, and the Internet of Things

With explosive growth in the "Internet of Things" (IoT), it's almost more difficult to
buy a device that can't be put online these days. While the types of Internet-enabled
devices being put online vary greatly, one popular category is home security
cameras. TRENDnet learned the hard way this year that failing to build adequate
security into this sort of product won't be tolerated by the FTC.

After a hacker posted links to nearly 700 TRENDnet devices that suffered from weak
credential security (allowing easy access to the video feeds of people's homes), the
FTC stepped in and filed a complaint against the company. The resulting settlement
with the FTC means that TRENDnet will have to establish a proper information
security program, will be required to have a third-party security audit every two
years, and is forbidden from claiming its products are "secure" to consumers.

The speed with which FTC Chairwoman, Edith Ramirez, took control of this
situation was astounding and rigorous. This action by the FTC is likely a sign of
things to come and holds hope for consumers that someone is watching out for their
interests as the IoT continues to grow rapidly.

ZMAP: Network Scanning on Steroids

While many technology professionals have likely come across the security scanner
called Nmap, which has been around since 1997, very few people have heard about
the University of Michigan creation called ZMap.

Presented at the 22nd USENIX Security Symposium in August, this new technology
is capable of scanning the entire IPv4 Internet address space in under 45 minutes.
As a point of comparison, Nmap would take 1,300-times longer to do a similar scan.

If you take into account the speed at which ZMap is capable of scanning and
remember that we're seeing an explosion in Internet-enabled devices and the
continued roll-out of IPv6 (which has an enormous address space), the implications
are clear. Imagine being able to check availability for a given network port multiple
times an hour across the entire Internet when a new vulnerability comes out.

The tool is a notable achievement and will certainly lead to better insight into how
the Internet is being shaped and also allow researchers (of all intentions) more
visibility than ever into what's listening out there.

Mounting Up with "I Am the Cavalry"

The information security community is rarely at a loss for words and often those
words result in some impactful changes to the ways things are done in the industry.
From mentorship to finding vulnerabilities, the leaders among us often help shape
the next milestone in creating a profession we can all be proud of. This year, the
vision of Nick Percoco and Josh Corman has started to come to light, dubbed "I Am
The Cavalry".

It's no secret that the methods and processes by which vulnerabilities and security
research are reported are quite diverse. What Nick and Josh have been conveying is
that the information security researchers of the world have a lot to contribute to the
growing concerns behind poor security of everything from cars to medical devices.
To that point, the two have been going around to conferences this year (and I hope
for many years to come) and presenting their thoughts as to what problems exist
and how best to contribute to resolving them. While many people who have a casual
knowledge of "hacking" may think everyone is out there to do ill and cause mischief,
the reality is, and their vision conveys, the public good is at the core of what many
of us actually do.

The Passing of Barnaby Jack

While many outside of the tech community caught news of the suicide of Reddit
co-founder, Aaron Swartz, the news of Barnaby Jack's death in July just before the
major security conferences Black Hat and DEF CON seemed to get lost in the shuffle
quickly.

Barnaby passed away just days before he was supposed to speak at Black Hat on
research he had been conducting on pacemaker security. His previous security
research involved "jackpotting" an ATM and hacking insulin pumps.

The people who knew Barnaby best shared stories and insights in the days following
his death, leading everyone who was paying attention to learn that he was a
fun, charismatic, and kind person. His brilliant mind and passion, coupled with a
panache for presentation, led to Barnaby being well known throughout the
community, even if you never met him in person.

While a lot happened in 2013 for information security in general, losing a wonderful
personality and talented researcher should always trump any single breach.
Breaches happen, someone gets sued, and everyone moves on. When someone
passes away, that's it. So as you wrap up your year and read predictions, don't
forget people like Aaron and Barnaby who were shaping the world and not just
living in it.

Mark Stanislav is the security evangelist at Duo Security.
