Security in the Internet of Things is a fairly common concern these days - you know, Heartbleed, toasters, that kind of thing - but you may not even have considered the greatest threat to your connected devices: classic 1990s first person shooters. That's the scenario presented in this recent experiment from Context Information Security. By taking advantage of a web interface that require no user authentication, the Context team managed to get Doom up and running on a Canon Pixma printer. Obviously Doom is not the point in itself, so much as an illustration of the vulnerability, but it definitely gets the idea across. According to Michael Jordon at Context, the vulnerability was fairly serious: At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what? The issue is with the firmware update process. While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware. So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell - nothing... Jordon's post goes into detail on how the encryption was broken. Canon was contacted and informed of the problem, and responded that it would be fixed, but Jordon warns that it's not a unique scenario. While this particular technique is not currently a common concern, it demonstrates the reality of security concerns when it comes to IoT devices. Once everything is connected, how many devices will be vulnerable? How confident can we be that the creators of these devices will be cognizant of these issues? As a potential catch-all solution, Context offers a strange bit of advice: Context recommends that you do not put your wireless printers on the Internet, or any other ‘Internet of Things’ device. So, there you go - one way to be sure. The Internet of Things can't help but be secure if you get rid of that whole "Internet" part.

One crucial aspect of ensuring a secure Kubernetes infrastructure is the effective management of secrets, such as API keys, passwords, and tokens.

Open-source software and cloud-native infrastructure are inextricably linked and can play a key role in helping to manage security.

In this article, I explore a use case and dive deeper into the question, "Is change management the best way to manage IT risk?"

This article discusses the importance of detecting threatening IP addresses in various forms and provides two API solutions to help detect those threats.

Istio makes it easier to scale workloads in Kubernetes across multicloud environments. Learn how Istio can help different IT teams and understand its architecture and benefits.

Improve resource management, cost control, and governance.

Secure code reviews are crucial for building applications that protect users, developers, and data. Here's everything you need to know to conduct one.

Refining your IIoT design is a key part of building strong cybersecurity resilience in the network architecture. Here's how to add security to every layer.

You may want to think twice before jumping on the AI hype train for your OKRs. Security concerns and algorithmic bias can cause your OKRs to cause more harm than good.

The initial article of this four-part series addresses the fundamentals of EVM and the advantages of creating EVM compatibility for blockchain endeavors.

In this article, Sonar's R&D team will provide an overview of content types and how a minor error resulted in a Cross-Site Scripting vulnerability in Odoo.

Preventing insider threats completely is not always possible, but organizations can minimize the risk and ensure operational resilience if a threat does occur.

Learn how to protect personal data and comply with GDPR regulations. Discover the seven essential measures and understand individual rights.

This article will explain the steps to install a Public SSL certificate and how we can generate a wildcard certificate for our domain free of cost for a lifetime.

Nearly 1500 cybersecurity professionals gathered in Milwaukee for Cyphercon 6. Read the highlights from the largest hacker event in Wisconsin.

Virtualization allows you to create servers, storage devices, and networks all in virtual space — here's why that's beneficial for cybersecurity.

Transforming global supply chain with data streaming and IoT for end-to-end visibility and decision-making in real-time at BMW, Bosch, and Walmart.

Ambient mode is the future of Istio service mesh. This article presents a step-by-step tutorial on how to implement it in GKE or AKS.

These best practices will ensure that the testing of your system is effective and efficient, leading to a successful project outcome.