Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

The State of Incident Response by Bruce Schneier 4: OODA Loops in Cybersecurity

This entry explains the concept of OODA loops, which originated in the U.S. Air Force, and extrapolates it to digital incident response. Alright, so, people, process, and technology. The key here is making it scale. I’m at the follow-on sentence from Lorrie Cranor, she wrote: “However,...

The State of Incident Response by Bruce Schneier 3: Effects of the Prospect Theory

The nuances covered by Bruce Schneier in this part are related to the psychological effects on IT security, namely the behavioral patterns for loss aversion. Now my one piece of psychology. I am going to try to explain security in terms of one psychological theory. And the theory is “prospect...

The State of Incident Response by Bruce Schneier 2: Security-Related IT Economics

Having highlighted the basic IT security trends, Bruce Schneier moves on to the economic facet of contemporary cybersecurity. Now I want to give you some IT economics that’s relevant to security. I have four pieces of economics that matter for IT and matter for security, and I think the more...

The State of Incident Response by Bruce Schneier

This series of articles reflects a Black Hat talk by prominent computer security expert Bruce Schneier where he covers the current state of incident response. I’m going to talk about incident response. I’m going to talk about it in kind of a meandering fashion. I’m going to talk about three trends in...

Exploiting network surveillance cameras like a Hollywood hacker 6: Demo time

Having analyzed a number of cameras for security vulnerabilities, Craig Heffner gives a demo of hacking the admin’s video feed and holds a brief Q&A. … So the admin will now always see the empty elevator no matter what is actually going on in there. This is actually a lot more fun to see in...

Exploiting network surveillance cameras like a Hollywood hacker 5: Messing around with admin’s video feed

Mr. Heffner demonstrates a proof of concept where the live video feed on a TRENDnet camera gets replaced with a static image through the use of an old vulnerability. But I wanted to kind of take a step back from that and say, okay, that’s great and all, but what can I do to the camera itself? I’ve got root on...

Exploiting network surveillance cameras like a Hollywood hacker 4: Attack surface analysis of 3S Vision

Moving on to another vendor, Craig Heffner now analyzes the nuances of getting access to video feed and, even more, becoming root on 3S Vision cameras. By far, the most expensive camera I looked at, though, was the N5072 from 3S Vision (see right-hand image). This one has a list price of “Contact...

Exploiting network surveillance cameras like a Hollywood hacker 3: Accessing the admin area on IQinVision

Having discovered vulnerabilities for D-Link and Cisco, which aren’t camera-focused companies, Craig Heffner looks into how IQinVision is doing security-wise. So I said, okay, clearly, D-Link and Cisco are doing it wrong in their defense, though, you know, they’re not really camera companies; they...

Exploiting network surveillance cameras like a Hollywood hacker 2: Cisco’s weaknesses

It is now the turn of Cisco’s business IP cameras, in particular the popular PVC2300 and WVC2300 models, to undergo Craig Heffner’s security examination. So I said, okay, D-Link is an easy target, as I mentioned – that’s why I picked them. Let’s move on to perhaps a more reputable vendor, like...

Exploiting network surveillance cameras like a Hollywood hacker

Craig Heffner, a Vulnerability Analyst with Tactical Network Solutions, presented at Black Hat to cover common security issues in network surveillance cameras. Hi, I’m Craig Heffner; this talk is, obviously, “Exploiting Surveillance Cameras Like a Hollywood Hacker”. As some of you may or may...