IoT security

bzs at theworld.com
Thu Feb 9 23:22:20 UTC 2017


On February 9, 2017 at 12:04 rsk at gsp.org (Rich Kulawiec) wrote:
 > On Wed, Feb 08, 2017 at 08:30:15AM -0800, Damian Menscher wrote:
 > > The devices are trivially compromised (just log in with the default root
 > > password).  So here's a modest proposal: log in as root and brick the
 > > device.
 > 
 > No.  It's never a good idea to respond to abuse with abuse.  Not only
 > is it unethical and probably illegal (IANAL, this is not legal advice)
 > but it won't take more than a day for someone to figure out that this
 > is happening and use some variety of misdirection to cause third parties
 > to target devices that aren't actually part of the problem.

Ok but what if you broke in and fixed their security w/o breaking the
user experience? Would a vendor, presented with a good demo, sign off
on that? If so isn't it just a mandatory patch?

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*


