Spitballing IoT Security

Ca By cb.list6 at gmail.com
Thu Oct 27 21:25:18 UTC 2016


On Thursday, October 27, 2016, Mark Andrews <marka at isc.org> wrote:

>
> In message <16193.1477594538 at segfault.tristatelogic.com>,
> "Ronald F. Guilmette" writes:
> >
> > In message <20161027112940.GB17170 at ussenterprise.ufp.org>,
> > Leo Bicknell <bicknell at ufp.org> wrote:
> >
> > >Actually, they encourage you to trade {your old iPhone} in...
> > >...
> > >If your device is too old for that program, they will still take
> > >it for free and recycle it in an environmentally friendly way...
> >
> > OK, so good on them.  I do compliment them for their apparent willingness
> > to take back this pile of leachable heavy metals and do something
> > responsible with it.
> >
> > But to come back to the point, what if I really don't -want- to give
> > Apple another several hundred dollars this year?  The baby needs shoes,
> > the gas tank is empty, and maybe I just don't -have- $600+ dollars this
> > month to further enrich their shareholders.
> >
> > My iPhone 3GS still works just fine, for the most part, so if I don't
> > really need all of the new whiz bang features of the newer ones, why
> > would I fork over big bucks to replace it?  Just because TV commercials
> > entice me to do so??
> >
> > The problem is, as I have said, this device is now the Apple equivalent
> > of Windows XP.  There could be a horrendous collection of a dozen or
> > more known critical security bugs in the thing by now, but as someone
> > noted, the last update Apple issued for the thing was in Feb 2014.
>
> But is there?  Can you list a single security bug in iOS 6.1.6 that
> would require an iOS 6.1.7?
>
>
Well, iOS 7 - 9.3.4 is in scope for this RCE

https://blog.lookout.com/blog/2016/08/25/trident-pegasus/

And if you view jpegs, you may want to update to 10.1

https://threatpost.com/apple-patches-ios-flaw-exploitable-by-malicious-jpeg/121521/


> Yes, it is annoying that iOS 10.x doesn't run on it so that you can't
> newer apps.
>
> > In the medical field, they use the term "orphan drugs" to refer to drugs
> > that have such a low return on investment that no manufacturer has any
> > interest in them anymore.  We don't use that terminology in the tech
> > field because it would be redundant.  *Every* tech product either already
> > is, or soon will be, an orphan.
> >
> > You can't *force* people to throw away or trade-in their old tech products,
> > especially when, from the user's point of view, there doesn't -seem- to be
> > anything wrong with them... like all of those pre- Sept. 2015 Internet video
> > cameras.  (Well, -in theory- you could force people to do this.  You could
> > legislate an Obamacare-esque tax which penalized everyone who -didn't-
> > throw away or trade-in their old tech gadgets after, say, 4 years, but I
> > don't think that would go down very well.)
> >
> >
> > Regards,
> > rfg
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>

