Lee H. Badman

Network Computing Blogger


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Hacking Everything

Here’s a puzzle for you: what do a new Dodge Ram pickup truck, a digital road sign, a young English lady’s cell phone and a modern lighting control system have in common? They’re not all necessarily made in the same Third World country, if that’s what you’re thinking. But they are all exploitable by virtue of their network connectivity, and the implications can be quite worrisome.

I was in London a few weeks back, and the scandal involving the widespread hacking of mobile phones by the media was still fresh enough that my cab driver was more than happy to share the lurid details as Londoners saw it. The technical aspects are interesting enough, but my new friend Mick said something that stuck with me: "It just shouldn’t be that easy. I mean, everybody’s got a cell phone, and not all reporters are that smart, you know?"

Then, driving home from work this week, I caught a story on NPR1 that detailed how security firm iSEC Partners was able to demonstrate unlocking a vehicle and starting its engine through the same sort of IP-connected framework that makes the likes of OnStar tick. This was a nice followup to an earlier piece dealing with same topic, but talking more about the use of texting as a command protocol of sorts and the security weaknesses that accompany the once-exotic notion of making seemingly stupid objects able to interconnect in cool and strange new ways.

And who hasn’t seen the images of digital highway signs hacked to display funny (in the eye of the prankster, obviously) messages? Instead of "Traffic Congestion Ahead," you probably saw either "Zombies Ahead" or "Poop Ahead," depending on what variant cycled through your email. Whether you subscribe to sophomoric humor or not, the fact that many such signs now get programmed remotely over cellular or satellite networks also raises the hairs on the backs of the necks of those of us who "do" security for a living.

Put simply, as the Internet of Things continues its aggressive growth and more IP-enabled consumer devices show up far and wide, the environment for those who enjoy network-based vandalism, and for those who seriously hack for a living, is also becoming proportionally more target-rich.

Attacks on modern devices can have a social engineering and a technical component. Josh Wright, of Will Hack For SUSHI fame, published a great article called "Verizon MiFi Pwned," which details his signature thorough approach to attacking a device through simple observation of product labels combined with easy-to-use cracking tools to maliciously master one of Verizon’s hottest mobile products.

The examples of devices to be concerned about from the perspective of network security go on and on: ATMs, medical equipment, lighting systems, appliances, smart grid components and network signaling devices on the road, in port and in the rail spaces. And there are plenty more potential targets as the world grows ever more connected by the amazing fruits of modern chipmakers’ labors.

In reality, not every device I've mentioned here has been hacked--yet. At the same time, common sense says it’s just a matter of time before each one of these device sets sees real trouble, whether it’s just somebody recreationally DOSing the devices or using the new distributed endpoints as ingress vectors to real high-value targets.

These are exciting times in networking, and getting more so every day. Let’s hope that all of the people putting new devices and protocols onto the wire and in the air remember to add a healthy dose of paranoia into their feature sets.


Related Reading


More Insights


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

WAN Security Reports

Research and Reports

Network Computing: April 2013



TechWeb Careers