Spitballing IoT Security
marka at isc.org
Thu Oct 27 08:49:39 UTC 2016
In message <12439.1477528028 at segfault.tristatelogic.com>, "Ronald F. Guilmette" writes:
> In message <20161026205800.7188D57B29B8 at rock.dv.isc.org>,
> Mark Andrews <marka at isc.org> wrote:
> >Actually things have changed a lot in a positive direction.
> >* Microsoft, Apple, Linux and *BSD issue regular fixes for their
> > products and users do intall them.
> At the risk of repeating a point I have already made in this thread, please
> do let me know how I can obtain this month's security patches for my iPhone
Your assuming that there is a need for a security update each month.
The feature set is pretty stable at this point.
> (Note that Wikipedia says that this device was only formally discontinued
> by the manufacturer as of September 12, 2012, i.e. only slightly more
> than 4 short years ago. Nontheless, the current "security solution" for
> this product, as made available from the manufacturer... a manufacturer
> which is here being held up as a shining example of ernest social responsi-
> bility... is for me to contribute the entire device to my local landfill,
> where it will no doubt leach innumerable heavy metals into the soil for
> my children's children's children to enjoy.)
Well the last update for the 3GS was iOS 6.1.6 in Feb 2014.
> >> - Manufacturers need to be held accountable for devices that go on the
> >> internet...
> My iPhone 3GS "goes on the Internet".
> Through no fauly of my own, it is also, apparently, destined in short order
> to "go onto" a landfill, if not here, then in China or India, where a
> pitiful plethora of shoeless and sad-eyed third-world waifs will spend
> their childhoods picking through the mand-made mountains of e-refuse in a
> daily and desperate search for of anything of value.
> In short, if the "good" companies, like Apple, are the solution to the problem,
> then I obviously misunderstood what "the problem" is, and would be obliged
> if someone (anyone) would re-phrase it for me in simpler terms, for the
> benefit of my limited little noggin.
> In lieu of that, for the moment I'd just like to emphasize again that it
> is my opinion that any "solution" to the now self-evident IoT problems
> which relies, even in the slightest, upon manufacturers providing a con-
> tinuous and timely stream of security updates is a fantasy. Wishful
> thinking, pure and simple. When even the "good" companies have built
> their fortunes and entire business models around convincing/forcing
> everyone to purchase "new and improved" units every two years, at a
> maximum, and when the same said companies stop issuing patches of any
> kind for products that have only departed the corporate price list
> three years earlier, then one shudders to even contemplate what the
> contribution of the "bad" companies will be to this ongoing catastrophy.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG