Want to earn a little extra spending money?

Microsoft has launched a new Windows Bounty Program, designed to expand its existing security bug bounty programs. While the software giant has previously paid out $100,000 for Windows 8.1 bugs, this new program will see the software giant pay out far more for serious Hyper-V flaws in Windows 10 or Windows Server operating systems.

Microsoft will now pay up to $250,000 for severe Hyper-V vulnerabilities, and security bugs in Microsoft Edge or Windows 10 preview builds will fetch up to $15,000. “Security is always changing and we prioritize different types of vulnerabilities at different points in time,” explains a Microsoft spokesperson in a blog post. “Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.”

The new Windows Bounty Program launched last week, and will continue indefinitely at Microsoft’s discretion. Any critical or important flaws that affect Windows and a variety of individual features will receive a bounty. Facebook, Google, Apple, Uber, and a variety of other tech companies all offer bug bounties, and they’re designed to tempt researchers into disclosing vulnerabilities early to prevent widespread cyber-attacks.

There’s lots of money to be made here! Last year, a 10-year-old — who is not even old enough to sign up on Facebook — impressed Mark Zuckerberg by hacking Instagram, the photo-sharing application owned by Facebook. The Helsinki-based boy genius, called Jani, received $10,000 from Facebook for identifying a security bug.

Since the Facebook Bug Bounty Program launched in 2011, Facebook has awarded over $4.3 million to more than 800 researchers. The program determines the payout based on a bug’s risk, rather than how complex it may be. In 2015 alone, 210 researchers received $936,000 with an average payout of $1,780.

Click these Google, Apple and Uber links to see how much these companies have paid out to “White Hat Hackers”.

Microsoft Is Secretly Planning A New Advanced Mode For Windows 10

Many years ago (April 1992 release), Microsoft had a product called Windows for Workgroups. That name made it clear that Windows was different in your office than it was at home. Back then, of course, Microsoft had two versions of Windows: the DOS-based home system, Windows 3.1, which was in use up through Windows XP, and the DOS-free Windows NT version. Windows 2000 (February 2000) was the last edition of the OS that was solely aimed at business; even then, home users were seeing some advantages to using the more stable “business” version of Windows.

Now things have moved on and there’s one core operating system across not just home and work PCs, but that same core runs Microsoft’s mobile platform and the Xbox One. Windows 10 is more readily adopted by users of all types and we’re just starting to see the benefits of all these platforms running on the same operating system kernel. We’re also starting to see problems.

Upgrading business users to Windows 10 isn’t without its concerns. There’s the ongoing issue of Microsoft’s telemetry, which automatically sends information about you and your PC to Microsoft. If this privacy issue does worry you, you can turn it off, but it’s not entirely business friendly. Then there’s the issue of advertisements popping up in Windows 10 and the fact that Microsoft thinks it’s cool to stuff new installs with Candy Crush. These are not business compatible applications, and I recall that back in the day, business owners were up in arms over all Windows PCs coming pre-installed with Solitaire, MineSweeper, Tetris and FreeCell, to name just a few.

The recent leak suggests that Microsoft will bring in something called “Windows 10 Pro for Workstations” although it might actually be called “Windows Pro for Advanced PCs” which will help Microsoft move away from the stigma of Windows 10.

The new OS will have a couple of different features:

Workstation mode – enhanced performance, using the multi-core server CPUs to deliver better performance when working on demanding tasks.

Resilient file system storage – ReFS is Microsoft’s improved file system that was introduced with Windows Server 2012. Support for this was introduced in Windows 8.1 and you can use it now, in Windows 10 if you like. There’s a setup process which involves building a mirror set and formatting them with the new file system. This may be useful for anyone who has to work with a lot of data.

Faster file sharing – uses SMBDirect to move files quickly and with minimal overhead. Obviously useful in businesses where data is moving about quickly, and a sticky problem with the current version of Windows.

Expanded hardware support – have 4 CPUs and 6TB of memory in one system. Windows 10 Pro currently only handles 2 CPUs.


Will it help?
Probably. Windows 10 is great and offers a lot to home users. On the other hand, I can see why businesses might not be so keen. Some of that is perhaps based on things that aren’t really a big problem, and some will be legitimate concerns (like employees wasting work time on Candy Crush) that Windows for Workstations might address.

Microsoft still needs to win over businesses to Windows 10 or it’s sitting on a ticking support time bomb, and we’ve recently seen how well older versions of Windows work out in business environments – more ransomware attacks, anyone? With Windows 7 a short 2 years away from its final curtain call, Microsoft is working hard to get all of its ducks in a row beforehand.

Thanks to the Verge for information on this leak:
https://www.theverge.com/2017/6/5/15739192/microsoft-windows-10-pro-for-workstations-advanced-pcs-features

 

 

 

Is there money to be made in Pokemon extermination?

Citing a concern that Pokemon Go players are wandering into private property and near electrical equipment, power and utility companies in Florida have asked cybersecurity company LookingGlass to pull Pokemon off the map.

“We’re now in the business of killing Pokemon,” LookingGlass CEO Chris Coleman told CNNMoney.

He said clients have asked LookingGlass to help eliminate the game’s code to get rid of the little creatures in restricted areas. Clients have pinpointed eight locations, and Coleman’s team sends those coordinates to Niantic Labs, the maker of the game, asking that the critters be removed.

Police departments around the country have issued warnings to Pokemon players to stop trespassing on property belonging to businesses, the government or religious institutions. But no one until now has figured out how to rid their property of Pokemon.

The wildly popular smartphone game instructs players to explore their surroundings to collect Pokemon, then it projects digital images of the cute creatures into the real world.

It’s a wholesome, kid-friendly video game. But the merging of digital and physical realms has also caused awkward entanglements.

One teen in Wyoming stumbled upon a dead body in a river while playing the game. Two men fell off a cliff while trying to catch Pokemon with their eyes glued to their screens. Another player crashed into a police car because he was playing while driving.

These types of accidents aren’t stopping people from playing the game, which has already broken records for its popularity.

Coleman said his cybersecurity company is in a unique position to help eliminate Pokemon(s), because he’s friends with a member of Niantic’s board of directors: Gilman Louie.

Louie is known in cybersecurity circles, because he was the first CEO of In-Q-Tel, the CIA’s venture capital firm that the intelligence agency uses to invest in state-of-the-art technology.

The next challenge for this popular application may come from a new product soon to be available to the masses called Pokédrone. Tech brand TRNDlabs has customized its miniature drone so Pokemon Go video game players can access Pokemon in difficult places and avoid walking into hazards.

The company’s rationale for this product is that sometimes the critters appear in hard-to-reach places, like in the middle of busy roads or hovering above bodies of water – making it difficult or impossible for avid fans to catch them.

Apparently there are disappointed fans all over the world because sometimes a Pokémon occurs on your screen but in reality there is no way for human beings to catch it. According to TRND Labs, the Pokédrone is the solution that delivers the power of catching them all!

California woman wins $10,000 judgment against Microsoft for forced Windows 10 upgrade

We’ve been talking for many months now about the slow adoption rate of Windows 10, Microsoft’s Windows 10 upgrade policy, and its increasing attempts to push users to install the upgrade – in some cases, trying to trick users into upgrading by changing the positions and the wording on some pop-up windows. Now it seems that at least one customer took the fight to court and won a small judgment against the company for how it deployed its latest operating system.

The Seattle Times reports that Teri Goldstein, of Sausalito, California, sued Microsoft after a failed Windows 10 upgrade left her system performing poorly, prone to crashing, and reportedly unusable for multiple days. Given the general issues associated with performing in-place upgrades, even successful ones, it’s not surprising that some users would run into problems. Goldstein reached out to Microsoft customer service to attempt to resolve her issues, but filed suit against the company once it failed to resolve her problems. Her $10,000 figure reflected estimated lost compensation as well as the cost of a new computer system.

Microsoft had appealed the initial judgment but dropped that appeal last month. A spokesperson for the company told the Seattle Times that it denied any wrongdoing and had dropped the appeal to avoid the additional expense of further litigation.

One $10,000 judgment against Microsoft isn’t going to make a blip in the company’s financial earnings or its overall Windows 10 trajectory. But it caps a year of self-inflicted damage regarding Windows 10 and Microsoft’s free upgrade. The repeated changes to Windows 10’s upgrade policy, mandatory data collection, and decisions to kill off patch notes and make all updates mandatory have collectively left a bad taste in many users’ mouths. None of these are fundamental reasons to stop using Windows 10, but they speak to the company’s profound trouble communicating what really should be a winning strategy. The Windows 10 giveaway was a great concept, and the entire process could’ve been handled in a way that made people want to switch. Instead, Microsoft has been dragging people into upgrading in much the same way you might grab a cat and drag it off for a bath.

With just over a month to go until it officially stops offering free upgrades to Windows 10, Microsoft has yet to budge from its stance that once the one-year mark is done, the company will no longer offer a free upgrade to consumers. Currently, Windows 10 Home is $119, while Windows 10 Pro is $199. Prices are identical between the downloadable and USB versions of the operating system.

Microsoft hasn’t specified how it will price upgrades after the free offer has expired. In the past, upgrade-only versions of the OS typically sold for $50-$70 less than full versions, though this has varied depending on the OS in question. As for whether Microsoft’s recent actions have damaged the company’s long-term relationship with customers, it’s still too soon to tell. Some users claim to have sworn off all Microsoft products or to have disabled Windows Update altogether to avoid the Windows 10 upgrade. I’m sure that such actions don’t reflect average user behavior (and I certainly don’t recommend turning off all OS updates to avoid the inevitable Windows 10 upgrade).

The bigger issue for Microsoft isn’t necessarily the loss of Windows users, but its failure to establish consumer trust and a cooperative relationship at a time when the company is still trying to make major changes to its software distribution model. Microsoft needs enthusiastic buy-in for its various plans from both developers and customers. Unfortunately, that has not yet been the case for Windows 10.

Critical Apple Quicktime Vulnerability

The U.S. Department of Homeland Security has issued a warning to remove Apple’s QuickTime for Windows. The alert came in response to Trend Micro’s report of two security flaws in the software, which will never be patched because Apple has ended support for QuickTime for Windows.

Computers running QuickTime are open to increased risk of malicious attack or data loss, US-CERT warned, and remote attackers could take control of a victim’s computer system. US-CERT is part of DHS’ National Cybersecurity and Communications Integration Center.

“We alerted DHS because we felt the situation was broad enough that people having unpatched vulnerabilities on their system needed to be made aware,” said Christopher Budd, global threat communication manager at Trend Micro. “The only mitigation available is to uninstall QuickTime for Windows,” US-CERT’s alert said.

Instructions from Apple can be found here: https://support.apple.com/en-us/HT205771

Apple has not discontinued security updates for QuickTime on Apple computer systems – just Windows based systems. It is not clear why Apple made the decision to end Windows support.

Zero Day Warning
Trend Micro’s Zero Day Initiative learned about the vulnerabilities from researcher Steven Seeley of Source Incite, who is named in the warning. ZDI then issued advisories detailing the critical vulnerabilities:

• The Apple QuickTime moov Atom Heap Corruption Remote Code Execution vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime. The problem first came to ZDI’s attention late last year. The number of users at risk is unknown at this time.

• The QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability allows an attacker to write data outside of an allocated heap buffer by providing an invalid index.

Software makers regularly retire applications, so it’s not unusual that QuickTime would be vulnerable. However, it was odd that Apple did not issue a public statement about ending its support for QuickTime for Windows and that the software was still available for download.

Increasing Software Vulnerability
QuickTime joins a growing list of software that is not supported any longer. That list includes Microsoft Windows XP and Oracle Java 6, which means users of those operating systems increasingly will be vulnerable to attack.

DHS didn’t have any comment to add to its alert, said spokesperson Scott McConnell, who referred questions to Apple. Apple did not respond to requests to comment for this story.

The warnings come amid recent reports about computer system vulnerabilities, including one issued just a few days ago about a vulnerability in Adobe’s Flash Player that could leave computers open to ransomware, which can lock up entire systems until an attacker is paid to release control.

 

Microsoft reveals upcoming Windows 10 features

Microsoft has published a Windows 10 roadmap for Business and Enterprise customers that reveals upcoming features of the operating system as well as a planned release month for the operating system’s Anniversary Update. Microsoft plans to release the Anniversary Update in July 2016.

While things may change depending on how development progresses, it is very likely that Microsoft will push out the free Anniversary Update to all Windows 10 devices around July 2016.

Upcoming Windows 10 Features

The list of features is probably what’s most interesting from a user’s and administrator’s point of view. While many are designed for Business or Enterprise use, some are available in all editions of the operating system.

Microsoft divides the feature listing into the categories “recently available”, “in public preview”, “in development” and canceled. The “recently available” and “canceled” categories are mysteriously empty from the official roadmap.

In Public Preview

These features are already part of Windows Insider builds or other preview builds of the operating system

Enterprise Data Protection: Designed to help prevent Enterprise data leaks, even on employee devices. The feature ships with three protective modes: block, which analyzes activity and blocks employees from completing actions that would lead to inappropriate data sharing; override, which warns employees only; and silent, which logs but does not block or warn.
Multifactor authentication for apps and websites: Use Windows Hello or Microsoft Passport to authenticate to an application or website.
Microsoft Edge – Extensions: Extensions support for Microsoft Edge.
Microsoft Edge – Pinning Tabs: Options to pin tabs in the Microsoft web browser.


In Development

These features are currently in development and not available for public preview at this point in time.
Windows Defender Advanced Threat Protection: A new service to help Enterprises respond to “advanced attacks” on their networks.
Enhancements to Microsoft Passport: Unclear at this point what these enhancements will look like.
Use your phone to unlock your Windows PC: Use a Windows or Android phone to unlock Windows 10 PCs, and authenticate with apps and services using Windows Hello and Microsoft Passport.
Use Companion Device to unlock your Windows PC: Use devices like the Microsoft Band 2 for Microsoft Passport basic authentication. Can also become a second authentication factor to unlock Windows 10 PCs.
Touch screen support: Support for touch input when a phone that is compatible with Continuum is connected to a device connected to a touch monitor.
Laptop-like accessory support: Support for a new accessory that looks like a laptop but does not ship with CPU or operating system. Designed for use with Continuum-compatible phones to use the phone with a laptop-like experience.
Projecting on PCs: Continuum-supporting phones can not only be connected to standalone monitors or screens, but also to Windows 10 PCs.
Microsoft Edge – Web Notifications: Adds support for Web Notifications to Microsoft Edge.
PC to PC casting: Cast from one PC to another.
Windows Ink: New and improved support for pen and touch-enabled devices.
Cortana and Action Center Integration: Moves proactive Cortana notifications to the Action Center.
Remote Display Experience: Windows 10 IoT feature that provides you with options to connect devices without displays remotely to devices with displays.
Start Menu updates: Improvements to the start menu that make it easier to access all apps, and improve touch input support.
Picture in Picture: Windows Apps will get a new picture in picture mode.


Why this matters

Software makers tend not to talk about features that they’re still developing and could end up cancelling, but with Windows 10, Microsoft has tried to be more transparent and open to feedback.
Providing a glimpse at far-out features could help businesses plan their updates, and could also help Microsoft prioritize which of those features should come first.


What features would you like added to Windows 10?

 

Amazon warns Kindle users: Update by March 22 or else

Do you own an older Kindle that’s been gathering dust? Get it updated before March 22 or you won’t be able to get online and download your books any more.

This is pretty much their final warning: If you have a Kindle, you need to update it before March 22 or it’s going to lose Internet connectivity.

That outcome would be very bad, because without the update you’ll no longer be able to access the Kindle Store or sync your device with the cloud, not to mention any other Kindle services you might be using. According to Amazon, the update is required to ensure the Kindle remains compliant with continuously evolving industry web standards.

You’ll know if your Kindle didn’t get updated in time because you’ll see the following message on your device: “Your Kindle is unable to connect at this time. Please make sure you are within wireless range and try again. If the problem persists, please restart your Kindle from the Menu in Settings and try again”

If you’ve been using your Kindle regularly then it’s most likely going to be fine. Kindles will update automatically via Wi-Fi, but if the device has been turned off or out of battery for a while, charge it up and make sure you Sync and Check for Items.

When the update has been applied you’ll find a confirmation letter called “03-2016 Successful Update” on your device. You can check for it by viewing all Recent items in your Kindle Library.

The following devices don’t need the update:
Kindle Paperwhite (6th and 7th generation)
Kindle 7th Generation
Kindle Voyage 7th Generation

If you’ve got one of the following, you do need the update:
Kindle 1st Generation (2007)
Kindle 2nd Generation (2009)
Kindle DX 2nd Generation (2009)
Kindle Keyboard 3rd Generation (2010)
Kindle 4th Generation (2011)
Kindle 5th Generation (2012)
Kindle Touch 4th Generation (2011)
Kindle Paperwhite 5th Generation (2012)

Amazon also points out that the Kindle Keyboard 3rd Generation, the Kindle Touch 4th Generation and the Kindle Paperwhite 5th Generation will only update via Wi-Fi, even if you have the 3G connection active.

If you do miss today’s deadline, you’ll need to manually download and install the required update. You can get more information on that process here.
http://www.amazon.com/gp/help/customer/display.html?nodeId=200529680&tag=cnet-viglink-20

 

More than 200 million users are currently running Windows 10 and that number is growing rapidly. The temptation to save money with Microsoft’s free upgrade might be so strong that you’re ready to upgrade now.

Should you upgrade now? There are certainly many great reasons to upgrade but a word of caution before you proceed.

Now may be the perfect time for a conversation about upgrading your Windows operating system. This newsletter is designed to make you pause and give serious deliberation to your decision to implement the Windows 10 operating system at this time. As a Microsoft business partner we certainly see the benefits to Windows 10 for many people, but some businesses may want to take more time and do more planning because once you upgrade there is no turning back. (Well, you can downgrade, so long as you have not deleted the windows.old folder. Users have a month to go back without any change in files, on best case installations.)

As you probably know, Microsoft is offering a free Windows 10 upgrade available through July of this year. Upgrading to Windows 10 seems like an easy process, with just a couple of clicks you are up and running.

The decision to upgrade should be made very carefully as it will impact your business and the performance of your IT environment. While it certainly makes sense for Microsoft’s business model and moving to Windows 10 is likely to be inevitable at some point for your business, we recommend that you take the time to more fully understand what is involved in moving from your current operating system to the new Windows 10 environment.

Here are some things to consider:

1. There are different editions of Windows 10. There’s Windows 10 Home and Windows 10 Professional. If you choose the free Windows upgrade, you have no choice in the version that you will be receiving. It depends on what you’re upgrading from, but in any case it may make sense financially to take advantage of the free upgrade.

2. You also have the ability to control whether your upgrade will take place automatically or manually. I recommend “manually” performing the upgrade just so you are the one in control of the process rather than be surprised the next time you turn on your PC.

3. If you are planning to purchase new PCs or notebooks, we recommend that you consider purchasing a Windows 10 PC. It might be tempting to shop for Windows 8 PCs and upgrade for free but we are not convinced this is the smartest option. Individuals should seriously consider the Windows 10 operating system. In the business world you are likely using a Windows 7 system and possibly considering upgrading for free, while it’s available. It all depends on the line of business applications your company is running.

4. As with any upgrade or downgrade plan you will want to complete a full backup of your data beforehand to avoid any potential problems.

5. Keep in mind that not all PCs can support Windows 10. Before a PC will be upgraded to Windows 10, Microsoft uses a vetting process to help ensure your system can handle the upgrade. If you’re buying Windows 10 compatible hardware, then you’re going to be assured of a successful migration.

In summary, you have until the end of July of this year to take advantage of the free Windows 10 upgrade. Deciding whether or not to upgrade now is an important decision for you, especially if saving money is a consideration. To plan the upgrade you’ll need to have a strategy in place very soon.

Windows 7 and 8 are fast approaching their end of sales date for PCs with Windows preinstalled. That means that as of October 2016, major OEMs like Dell and HP will no longer be selling PCs with Windows 7 or 8 preinstalled – so if you replace a PC after this date you will only be able to get one with Windows 10. Keep that in mind, especially if your primary line of business application is not supported under Windows 10.

We believe Windows 10 is a solid upgrade for most users, but it’s not for everyone just yet. In some cases, if your primary business software is not compatible with Windows 10 then it may not be for you at all.

Below is a chart showing the Microsoft Windows End of Sale lifecycle to help with planning your upgrade.
Windows Life Cycle

FOR SALE: Stolen Netflix Log-in Credentials At Bargain Prices

People who don’t want to pay for Netflix services can buy stolen log-in credentials on the black market for rock-bottom prices, Symantec reports.

The online security company said it found advertisements and software aimed at cheapskate streamers, though it didn’t mention the names of the shady sites and forums.

Netflix Logins For Sale. The ads, which show Netflix logins for sale for as little as a quarter each, proudly display guarantees of “freshly cracked” accounts. They also ask their “customers” not to spoil the fun by changing passwords or messing with payments, either of which would alert the paying user to the fact that their account has been breached.

It is, of course, illegal — these are stolen accounts, gathered through nefarious means like malware and phishing. But since Netflix takes a laissez-faire approach to sharing accounts, paying users could easily be watching shows at the same time as someone who bought their login for a quarter on the Dark Web.

Netflix CEO Reed Hastings has said in the past that he doesn’t consider password sharing a big problem, and as long as the user base keeps growing (the service just passed 65 million subscribers globally), this common practice is likely to stay that way.

Sharing your Netflix log-in? Turns out you might not be the only one who lets a friend or family member log into your Netflix account. In fact, if you don’t, you’re in the minority, according to a poll of over 5,000 Netflix users conducted by Global Web Index.

Only 35 percent of users claimed to be the sole user of the account — 30 percent shared it with one other person, 16 percent with two people, and 19 percent shared it with three or more.

Netflix has plans that permit multiple streams to multiple screens at once, which means they’re fine with accounts being shared to a certain degree. Two spouses and a kid watching a movie shouldn’t require three accounts, of course — but spreading the login among four or five friends might be something the company would like to stop.

Could your account be on one of these lists? It’s hard to say, but one easy way to check is to look at your recently watched shows. If you see a lot you don’t recognize and don’t seem like your style (or that of anyone you share with), you might want to change your password. That simple action will immediately stop your account from being used by others without your permission.

Internet of Things

“Internet of Things” security is badly broken and getting worse. The Shodan search engine is only the latest reminder of why we need to fix IoT security.

Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.

The feed includes images of marijuana plantations, back rooms of banks, infants and children in their homes, kitchens, living rooms, garages, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores. The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place. Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the new script takes a snap and moves on.
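A check for the condition described above, for cameras you operate yourself: send an unauthenticated RTSP DESCRIBE and see whether the device answers 401 (asks for a password) or 200 (serves the stream description to anyone). This is an added example, not code from the original article; the stream path, the `rtsp-auth-audit` client name, the verdict labels and the sample responses are assumptions constructed for illustration.

```python
"""Audit an RTSP camera you operate: does DESCRIBE require authentication?"""
import socket

RTSP_PORT = 554  # the RTSP port named in the article


def build_describe(host, path="/", port=RTSP_PORT, cseq=1):
    """Build an unauthenticated RTSP DESCRIBE request for one stream path."""
    if not path.startswith("/"):
        path = "/" + path
    return (
        f"DESCRIBE rtsp://{host}:{port}{path} RTSP/1.0\r\n"
        f"CSeq: {cseq}\r\n"
        "Accept: application/sdp\r\n"
        "User-Agent: rtsp-auth-audit\r\n"  # hypothetical client name
        "\r\n"
    ).encode("ascii")


def parse_response(raw):
    """Return (status_code, headers) from raw RTSP response bytes.

    headers maps lower-cased names to a list of values, because a server
    may send several WWW-Authenticate headers. Raises ValueError if the
    bytes do not start with an RTSP status line.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/") or not parts[1].isdigit():
        raise ValueError("not an RTSP response")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers


def classify(raw):
    """Map a DESCRIBE response to a verdict label (labels are this example's own)."""
    try:
        status, headers = parse_response(raw)
    except ValueError:
        return "inconclusive"
    if status == 200:
        return "open"  # stream description handed out with no credentials
    if status == 401:
        schemes = {v.split(None, 1)[0].lower()
                   for v in headers.get("www-authenticate", []) if v.strip()}
        if "digest" in schemes:
            return "auth-digest"
        if "basic" in schemes:
            return "auth-basic"  # password required, but sent base64-encoded in clear
        return "auth-other"
    return "inconclusive"  # e.g. 404: wrong stream path, says nothing about auth


def needs_attention(verdict):
    """Verdicts that call for a configuration change on the camera."""
    return verdict in ("open", "auth-basic")


def probe(host, path="/", port=RTSP_PORT, timeout=3.0):
    """Send one DESCRIBE to a camera you operate and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_describe(host, path, port))
            raw = sock.recv(4096)
    except OSError:
        return "unreachable"
    return classify(raw)


# Constructed sample responses (not captured from any real device).
SAMPLE_OPEN = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
               b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")
SAMPLE_DIGEST = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n"
                 b'WWW-Authenticate: Digest realm="cam", nonce="abc123"\r\n\r\n')
SAMPLE_BASIC = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n"
                b'WWW-Authenticate: Basic realm="cam"\r\n\r\n')
SAMPLE_NOT_FOUND = b"RTSP/1.0 404 Not Found\r\nCSeq: 1\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("open", SAMPLE_OPEN), ("digest", SAMPLE_DIGEST),
                      ("basic", SAMPLE_BASIC), ("404", SAMPLE_NOT_FOUND)]:
        verdict = classify(raw)
        print(f"{name:7} -> {verdict:13} fix needed: {needs_attention(verdict)}")
```

Stream paths are device-specific, so pass `probe()` the path your camera actually serves; a 404 on the wrong path is inconclusive and does not show that a password is set.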

While the privacy implications here are obvious, Shodan’s new image feed also highlights the dismal state of IoT security, and raises questions about what we are going to do to fix the problem.

Of course insecure webcams are not exactly a new thing. The last several years have seen report after report hammer home the point. In 2013, the FTC sanctioned webcam manufacturer TRENDnet for exposing “the private lives of hundreds of consumers to public viewing on the Internet.” Today it’s estimated that there are now millions of such insecure webcams connected and easily discoverable with Shodan. That number will only continue to grow.

So why are things getting worse and not better? Webcam manufacturers are in a race to gain market share. Consumers do not perceive value in security and privacy and have not shown a willingness to pay for such things. As a result, webcam manufacturers slash costs to maximize their profit, often on narrow margins. Many webcams now sell for as little as $20.

The problem: Consumers are saying we’re not supposed to know anything about this cybersecurity stuff and the manufacturers don’t want to lift a finger to help users because it costs them money.

If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions is true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? You may remember the story from November about 2008-era malware, Conficker.B, affecting police body cams in 2015: it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.

The bigger picture here is not just personal privacy, but the security of IoT devices. As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby’s crib.

FTC to the Rescue? When it comes to strong-arming manufacturers, government entities like the US Federal Trade Commission (FTC) may be able to help. Maneesha Mithal, associate director of the FTC’s division of privacy and identity protection, was quick to mention several examples where the organization went after at-fault companies. In recent years according to Mithal, the FTC has prosecuted more than 50 cases against companies that did not reasonably secure their networks, products, or services.

The FTC takes action against companies engaged in deceptive or unfair business practices, she explained. That includes IoT manufacturers who fail to take reasonable measures to secure their devices.

In addition to the enforcement action against TRENDnet, the FTC also issued security best practices for IoT manufacturers back in January 2015, urging them to build in security at the design phase rather than bolting it on as an afterthought. These practices include a “defense-in-depth” strategy to mitigate risks, pushing security patches to connected devices for the duration of the product life cycle, and so on.

As consumers of IoT products it’s our responsibility to learn about the individual security and password settings for the devices we use and secure them to the best of our ability. Just don’t rely on the manufacturer to protect you – they probably won’t.
