Internet of Things insecurity is our fault

Normally I don’t comment on the security of products or industries because I believe that the market is the best arbiter and I’ve just got other stuff to worry about, but IoT is different. IoT devices are products of high interest to regular non-techy people, who have no clue about the security aspects of the shiny WiFi-managed light bulb they just bought on AliExpress for $3.
Only InfoSec professionals can change the status quo in the market largely represented by people buying IoT devices for personal usage.

BugBounties changed InfoSec world for better

Graphic from tripwire.com

Just four years ago, before that Bug Bounty madness started off for real, many companies had a pathetic security posture. Okay, let’s be real here: most organizations, because “many” isn’t emphatic enough. In just 4 years, the rise in security awareness and the general improvement of organisations’ security posture have been really prominent.

I’ll show you proof one day; I’m just lazy and can’t push myself to migrate bug reports in high-profile companies from the mail archive to blog posts. But I promise to do it, so everyone can get a sense of what the webapp world looked like just 3–4 years ago and how vulnerable everything was to anyone willing to spend fifteen minutes looking for bugs.