Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Subscribe to Doug Lane
Subscribe to Doug Lane
Share Dialog
Share Dialog
<100 subscribers
<100 subscribers
One of the scary things about yesterday's IoT botnet example is that it doesn't take many product vendor security misfires to create one.
Consider this example. In August 2021, content delivery network (CDN) provider Cloudflare absorbed an IoT botnet attack that was generating 17.2 million requests per second at its peak. Kind of a lot, right?
The same botnet, known as Meris, took down Yandex (basically Russian Google) around the same time with an attack that peaked at 21.8 million requests per second.
So you might think Meris must have enlisted many different kinds of IoT devices to pack that much punch, right?
Nope.
It is primarily powered by hijacked devices from a single vendor you've probably never heard of: Latvian networking gear company MikroTik. (Meris is the Latvian word for "plague," apparently.)
And the really scary part is that MikroTik released a patch for the vulnerability Meris exploits in 2018 and has been doing active outreach to customers. But there are still a couple hundred thousand devices whose owners missed the memo.
So, this is a pretty good illustration of how narrow the margin of error is when it comes to getting IoT device security practices right.
-Doug
One of the scary things about yesterday's IoT botnet example is that it doesn't take many product vendor security misfires to create one.
Consider this example. In August 2021, content delivery network (CDN) provider Cloudflare absorbed an IoT botnet attack that was generating 17.2 million requests per second at its peak. Kind of a lot, right?
The same botnet, known as Meris, took down Yandex (basically Russian Google) around the same time with an attack that peaked at 21.8 million requests per second.
So you might think Meris must have enlisted many different kinds of IoT devices to pack that much punch, right?
Nope.
It is primarily powered by hijacked devices from a single vendor you've probably never heard of: Latvian networking gear company MikroTik. (Meris is the Latvian word for "plague," apparently.)
And the really scary part is that MikroTik released a patch for the vulnerability Meris exploits in 2018 and has been doing active outreach to customers. But there are still a couple hundred thousand devices whose owners missed the memo.
So, this is a pretty good illustration of how narrow the margin of error is when it comes to getting IoT device security practices right.
-Doug
No activity yet