Mark Stanislav & Zach Lanier - The Internet of Fails - Where IoT Has Gone Wrong and How We're Making It Right
DEF CON 22 [Materials] Speeches from the Hacker Convention.
English - December 13, 2014 23:29 - 30.3 MB
The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right
Mark Stanislav Security Evangelist, Duo Security
Zach Lanier Sr. Security Researcher, Duo Security
This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet of Things". Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of transport security, hardcoded-everything, and ways to bypass paying for stuff.
Mark and Zach will also discuss the progress that their initiative, BuildItSecure.ly, has made since it was announced this past February at B-Sides San Francisco. Based on their own struggles with approaching smaller technology vendors with bugs and trying to handle coordinated disclosure, Mark and Zach decided to change the process and dialog that was occurring into one that is inclusive, friendly, and researcher-centric. They will provide results and key learnings about the establishment of this loose organization of security-minded vendors, partners, and researchers who have decided to focus on improving information security for bootstrapped/crowd-funded IoT products and platforms.
If you're a researcher who wants to know more about attacking this space, an IoT vendor trying to refine your security processes, or just a consumer who cares about their own safety and privacy, this talk will provide some great insights to all of those ends.
Mark Stanislav is the Security Evangelist for Duo Security. With a career spanning over a decade, Mark has worked within small business, academia, startup and corporate environments, primarily focused on Linux architecture, information security, and web application development. He has presented at over 70 events internationally including RSA, ShmooCon, SOURCE Boston, and THOTCON. His security research has been featured on web sites including CSO Online, Security Ledger, and Slashdot. Mark holds a B.S. in Networking & IT Administration and an M.S. in Information Assurance, both from Eastern Michigan University. Mark is currently writing a book titled, "Two-Factor Authentication" (published by IT Governance).
Twitter: @markstanislav
Web: https://www.duosecurity.com ; http://www.uncompiled.com ; http://builditsecure.ly
Zach Lanier is a Senior Security Researcher at Duo Security. Though an old net/web/app pen tester type, he has been researching mobile and embedded device security since 2009, ranging from app security to platform security (especially Android) to device, network, and carrier security. He has presented at various public and private industry conferences, such as BlackHat, DEFCON, INFILTRATE, ShmooCon, RSA, Amazon ZonCon, and more. He is also a co-author of the "Android Hacker's Handbook" (published by Wiley).
Twitter: @quine
Web: https://www.duosecurity.com ; https://n0where.org ; http://builditsecure.ly