Slides, test results and configurations are available here. The presentation is on the ARES & CD-MAKE Conference Youtube channel. Summary The Internet of Things is a widely adopted and pervasive technology, but also one of the most conveniently attacked given the volume of shared data and the availability of affordable but insecure products. In most cases, if attackers cannot exploit security gaps and privacy issues to exfiltrate data, they can (and most probably will) damage the service by performing Denial of Service (DoS) attacks towards the backend, the connected clients or external services. In this work we investigated two classes of DoS attacks that target the handling of message queues in MQTT, one of the most broadly used IoT protocols; ref. here for an introduction to MQTT and its capabilities. The first attack attempts to saturate the MQTT broker resources by sending many heavy messages on different topics with or without a set of subscribed clients. This is due to the b
Network administrators with two models of SonicWall firewalls in their environments are being urged take action to prevent the devices from possibly being compromised. The warning comes from researchers at Bishop Fox, an Arizona-based cybersecurity company, which says over 178,000 series 6 and series 7 next-generation firewalls could be in danger. The problem is in