Saw this on Boing Boing, thanks again to Cory. Junade Ali at CloudFlare catalogs a few practices implementing IoT devices that contribute to the overall poor state of security. Importantly, there are recommend alternatives that maintain or improve security. We clearly need more of this, alongside existing resources like the OWASP security guide, both for manufacturers and for expert users to effectively hole them to account.
Tag: IoT
Malware that permanently disables non-secure IoT devices
Karl Bode at Techdirt has a good corollary to the article I shared earlier today about the hajime worm. The motivations are arguably similar between that worm and these PDoS malwares. The approach in the latter case is much more drastic, to so badly damage the targeted devices so as to remove them from the Internet.
Vaccinating IoT worm possibly uncovered
A bad idea comes back around, this time applied to the Internet of Things. The notion of a bit of self propagating code that defends instead of attacks is arguably as old as the Internet. It is never a good idea given the huge space of unintended consequences from unpredictable interactions with existing software to simple bugs exposing affected devices even more so than untouched ones. It is always better for devices owners to be aware of updates to their devices, ideally through a known and trusted mechanism.
2016-01-03 The Command Line Podcast
This is an episode of The Command Line Podcast.
This time, I chat about some recent news stories that caught my attention, including:
- How the Internet of Things Limits Consumer Choice
- Tracing the Dynabook
- China Using US Encryption Fight To Defend Its New Encryption Backdoor Mandate
- Comcast Cap Blunder Highlights How Nobody Is Ensuring Broadband Meters Are Accurate
- New York is finally installing its promised public gigabit Wi-Fi
- After A Decade Of Waiting For Verizon, Town Builds Itself Gigabit Fiber For $75 Per Month
- The App-ocalypse: can Web standards make mobile apps obsolete?
- Tools, ads, and bad defaults: Web bloat continues unabated
- Google plans to remove Oracle’s Java APIs from Android N
- Microsoft to notify users of government spying after Chinese Hotmail hack goes public
- Lessig on how the economics of data-retention will drive privacy tech
- Debian Linux founder Ian Murdock dead at 42
You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.
You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.