Spitballing IoT Security

Ronald F. Guilmette rfg at tristatelogic.com
Thu Oct 27 00:27:08 UTC 2016

In message <20161026205800.7188D57B29B8 at rock.dv.isc.org>, 
Mark Andrews <marka at isc.org> wrote:

>Actually things have changed a lot in a positive direction.
>* Microsoft, Apple, Linux and *BSD issue regular fixes for their
>  products and users do install them.

At the risk of repeating a point I have already made in this thread, please
do let me know how I can obtain this month's security patches for my iPhone

(Note that Wikipedia says that this device was only formally discontinued
by the manufacturer as of September 12, 2012, i.e. only slightly more
than 4 short years ago.  Nonetheless, the current "security solution" for
this product, as made available from the manufacturer... a manufacturer
which is here being held up as a shining example of earnest social
responsibility... is for me to contribute the entire device to my local landfill,
where it will no doubt leach innumerable heavy metals into the soil for
my children's children's children to enjoy.)

>> - Manufacturers need to be held accountable for devices that go on the
>> internet...

My iPhone 3GS "goes on the Internet".

Through no fault of my own, it is also, apparently, destined in short order
to "go onto" a landfill, if not here, then in China or India, where a
pitiful plethora of shoeless and sad-eyed third-world waifs will spend
their childhoods picking through the man-made mountains of e-refuse in a
daily and desperate search for anything of value.


In short, if the "good" companies, like Apple, are the solution to the problem,
then I obviously misunderstood what "the problem" is, and would be obliged
if someone (anyone) would re-phrase it for me in simpler terms, for the
benefit of my limited little noggin.

In lieu of that, for the moment I'd just like to emphasize again that it
is my opinion that any "solution" to the now self-evident IoT problems
which relies, even in the slightest, upon manufacturers providing a con-
tinuous and timely stream of security updates is a fantasy.  Wishful
thinking, pure and simple.  When even the "good" companies have built
their fortunes and entire business models around convincing/forcing
everyone to purchase "new and improved" units every two years, at a
maximum, and when the same said companies stop issuing patches of any
kind for products that have only departed the corporate price list
three years earlier, then one shudders to even contemplate what the
contribution of the "bad" companies will be to this ongoing catastrophe.

