The Internet of Fails: Where IoT Has Gone Wrong and How We're Making It Right presented at defcon 2014

by Zach Lanier, Mark Stanislav,

Summary : This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet of Things". Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of transport security, hardcoded-everything, and ways to bypass paying for stuff.
Mark and Zach will also discuss the progress that their initiative, BuildItSecure.ly, has made since it was announced this past February at B-Sides San Francisco. Based on their own struggles with approaching smaller technology vendors with bugs and trying to handle coordinated disclosure, Mark and Zach decided to change the process and dialog that was occurring into one that is inclusive, friendly, researcher-centric. They will provide results and key learnings about the establishment of this loose organization of security-minded vendors, partners, and researchers who have decided to focus on improving information security for bootstrapped/crowd-funded IoT products and platforms.

Zach Lanier: Zach is a Senior Consultant with the Intrepidus Group, specializing in network and web application penetration testing. Prior to joining Intrepidus Group's professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Both Jon and Zach have presented at numerous security conferences (eg. BlackHat, CanSecWest, SOURCE Boston, SecTor, etc).

Mark Stanislav: Mark Stanislav holds his Bachelor's in Networking and IT Administration and is currently pursuing his Master's in Network Security -- both from Eastern Michigan University. Mark is a Linux systems administrator for a popular digital promotions company just outside of Detroit by day, and an adjunct lecturer at EMU by night (literally). Mark teaches both the entry-level and advanced Linux courses at EMU and created the curriculum for both from scratch. Mark's technology interests involve Linux, PHP-based web development, information security, and Apple products. Mark also runs a security news web site called uncompiled.com and last presented here at NOTACON 2005.