Japanese Government to Use 'Credential Stuffing' to Survey Consumer IoT Devices


ABTV Application Cloud Endpoint Infrastructure IoT/Embedded Mobile Network Operational Security Management
Sign up for our weekly newsletter! REGISTER NOW

Comments Japanese Government to Use 'Credential Stuffing' to Survey Consumer IoT Devices Newest First \| Oldest First \| Threaded View [close this box] Page 1 / 2 > >> mhhfive 2/6/2019 2:03:12 PM User Rank Guardian undocumented manufacturing backdoors... Is there any way to disprove an undocumented manufacturing backdoor? It seems like a lot of countries would like them.. but how does anyone know if they do or don't exist? I'm sure Huawei would like to be able to definitely say they don't support backdoors of any kind.... Reply Post Message Messages List Start a Board Login 50% 50% batye 2/1/2019 2:04:50 PM User Rank Guardian Re: Automated @ms.akkineni yes things need to be changed as for now it seems like it free for all... and security it more like a lip service... Reply Post Message Messages List Start a Board Login 50% 50% batye 2/1/2019 2:02:46 PM User Rank Guardian Re: nobody's home @Michelle as everyone keep thinking they Router is secure... but will it ever be "secure" as on my end I keep updating the router firmware... but it me... with my better safe than sorry... Reply Post Message Messages List Start a Board Login 50% 50% Michelle 1/31/2019 9:55:11 PM User Rank Guardian Re: nobody's home Ahh, yes. Home network monitoring isn't much of a thing... Reply Post Message Messages List Start a Board Login 50% 50% Michelle 1/31/2019 9:53:38 PM User Rank Guardian Re: nobody's home That's pretty much what my husband said when I brought it up. I immediately thought of privacy and an overreaching government. Pen testing seems ok if it means the country can be more secure. Reply Post Message Messages List Start a Board Login 50% 50% ms.akkineni 1/31/2019 8:28:47 PM User Rank Guardian Re: Automated While i strongly feel device level security is required, having an additional checkpoint by Government is a definite plus. Reply Post Message Messages List Start a Board Login 50% 50% ms.akkineni 1/31/2019 8:25:12 PM User Rank Guardian Re: Automated Completely agree with you that it has to be handled at device level. In this smart age that has to be a requirement. Reply Post Message Messages List Start a Board Login 50% 50% Joe Stanganelli 1/31/2019 5:56:33 PM User Rank Author Re: Automated @Taimoor: On the one hand, the civil libertarian in me wouldn't particularly want government doing anything on my network, dangit. On the other hand, doing this kind of thing recognizes that IoT security is not just an issue for individuals, but it is a national-security and global-stability issue (because non-secure IoT devices can be leveraged for botnets that can then be used to DDoS critical services and communications). Reply Post Message Messages List Start a Board Login 50% 50% TaimoorZubair 1/30/2019 9:53:36 PM User Rank Guardian Automated I think credential stuffing is a big risk especially when it comes to IoT devices. It can indeed be a big threat. What the government is doing to detect it is a good approach, however I believe this is something that should automatically be flagged by devices. No device should be allowed to be used if the password is unsecure. The devices have to be intelligent enough to point out to the user about the strength of the password and its age and make sure the users take prompt action to change the passwords. Reply Post Message Messages List Start a Board Login 50% 50% TaimoorZubair 1/30/2019 9:48:17 PM User Rank Guardian Re: nobody's home @Joe: I think it'd only sound like an attack when there's an ulterior motive involved to exploint the information. If the purpose is to simply assess the current security situation and not cause any damage, it'd probably not fall under an attack. But again that's my personal opinion about it. Reply Post Message Messages List Start a Board Login 50% 50% Page 1 / 2 > >>		Latest Articles Networks in Danger as Global BGP Routing Table Reaches Capacity 1 Comment The Internet is going to run out of address space sometime this month. Over 500 Million Chrome iOS Sessions Hijacked in Massive Malvertising Campaign 5 comments Confiant has spotted the known threat actor eGobbler back in action. Russian Hacker Group TA505 Found to Be Attacker of US Financial Firms 4 comments Israeli-based Cyberint has found evidence of remote access Trojans being used in attacks on financial entities in the United States as well as worldwide. Wipro Gets Phished to Gain Access to Clients 1 Comment Sources say that the company was being used as the start of 'digital fishing expeditions targeting at least a dozen Wipro customer systems.' Servers Discovered With Multiple Malware Families, Staged & Ready to Launch 1 Comment Bromium has uncovered US-based web servers that are being used to host and distribute these kinds of malware including banking trojans, information stealers and ransomware. More Blogs Information Resources • A CISO’S Guide to Hybrid Cloud Security • Endpoint EcoSystems E-Book: Collaborating To Conquer Security Threats • (Sans) Understanding the (True) Cost of Endpoint Management Survey • Forrester Research - The Total Economic Impact of IBM BigFix Patch And BigFix Compliance • CISOs Investigate: Endpoint Security Peer-authored Research • Understanding the True Cost of Endpoint Management Webinar • SOAR Platforms: Everything you need to know about security orchestration, automation, and response • Considerations in Selecting the Right SD-WAN Solution • 5 Security Imperatives When Considering Network Modernization and SD-WAN • ThreatConnect SIEM + Threat Intelligence Quickly Identify the Threats that Matter to You All resources upcoming Webinars ARCHIVED Risk Buy-Down: Why Data Security is a Must (archive available soon) Tuesday, April 23, 2019 11:00 am New York / 4:00 pm London More Webinars Webinar Archives Analysts Corner Ovum Resources • Ovum 2018 Trends to Watch: IT & Cybersecurity • Ovum IoT Security: Technology Strategies & Vendor Profiles • Ovum 2018 Trends to Watch: Managed Security Services • Ovum's Mini-Guide to GDPR Analysts Corner archive Flash Poll All polls Video In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ... CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ... You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ... Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ... Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ... All Videos Sponsored Video Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ... Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ... This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video All Videos Radio Shows ARCHIVED \| August 31, 2017, 3pm EDT Voice of Security Radio: A Security Partnership with Machine Learning An interview with Steve Grobman, CTO of McAfee ARCHIVED SHOWS DOWNLOAD TO CALENDAR Slideshows Top 10 Security Stories of 2018 Slideshow archive Twitter Feed Tweets by Security_Now_ like us on facebook