nanog mailing list archives
Re: Spitballing IoT Security
From: Ca By <cb.list6 () gmail com>
Date: Thu, 27 Oct 2016 14:25:18 -0700
On Thursday, October 27, 2016, Mark Andrews <marka () isc org> wrote:
In message <16193.1477594538 () segfault tristatelogic com <javascript:;>>, "Ronald F. Guilmette" writes:In message <20161027112940.GB17170 () ussenterprise ufp org <javascript:;> , Leo Bicknell <bicknell () ufp org <javascript:;>> wrote:Actually, they encourage you to trade {your old iPhone} in... ... If your device is too old for that program, they will still take it for free and recycle it in an enviornmentally friendly way...OK, so good on them. I do compliment them for their apparent willingness to take back this pile of leachable heavy metals and do something responsible with it. But to come back to the point, what if I really don't -want- to give Apple another several hundred dollars this year? The baby needs shoes, the gas tank is empty, and maybe I just don't -have- $600+ dollars this month to further enrich their shareholders. My iPhone 3GS still works just fine, for the most part, so if I don't really need all of the new whiz bang features of the newer ones, why would I fork over big bucks to replace it? Just because TV commercials entice me to do so?? The problem is, as I have said, this device is now the Apple equivalent of Windows XP. There could be a horrendous collection of a dozen or more known critical security bugs in the thing by now, but as someone noted, the last update Apple issued for the thing was in Feb 2014.But is there? Can you list a single security bug in iOS 6.1.6 that would require a iOS 6.1.7?
Well, ios 7 - 9.3.4 is in scope for this RCE https://blog.lookout.com/blog/2016/08/25/trident-pegasus/ And if you view jpegs, you may want to update to 10.1 https://threatpost.com/apple-patches-ios-flaw-exploitable-by-malicious-jpeg/121521/ Yes, it is annoying that iOS 10.x doesn't run on it so that you can't
newer apps.In the medical field, they use the term "orphan drugs" to refer to drugs that have such a low return on investment that no manufacturer has any interest in them anymore. We don't use that terminology in the tech field because it would be redundant. *Every* tech product either already is, or soon will be, an orphan. You can't *force* people to throw away or trade-in their old techproducts,especially when, from the user's point of view, there doesn't -seem- tobeanything wrong with them... like all of those pre- Sept. 2015 Internetvideocameras. (Well, -in theory- you could force people to do this. Youcouldlegislate an Obamacare-esque tax which penalized everyone who -didn't- throw away or trade-in their old tech gadgets after, say, 4 years, but I don't think that would go down very well.) Regards, rfg-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org <javascript:;>
Current thread:
- Re: Spitballing IoT Security, (continued)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Edward Dore (Oct 27)
- Re: Spitballing IoT Security Alan Buxey (Oct 27)
- Re: Spitballing IoT Security Mark Andrews (Oct 27)
- RE: Spitballing IoT Security Emille Blanc (Oct 27)
- Re: Spitballing IoT Security Edward Dore (Oct 27)
- Re: Spitballing IoT Security -- Dancing around a solution Stephen Satchell (Oct 27)
- Re: Spitballing IoT Security Leo Bicknell (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Mark Andrews (Oct 27)
- Re: Spitballing IoT Security Ca By (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Jon Lewis (Oct 27)
- RE: Spitballing IoT Security Emille Blanc (Oct 27)
- Re: Spitballing IoT Security Rich Kulawiec (Oct 28)
- Re: Spitballing IoT Security Geoffrey Keating (Oct 27)
- Re: Spitballing IoT Security John Levine (Oct 27)
- Re: Spitballing IoT Security Leo Bicknell (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Chris Boyd (Oct 26)
- Re: Spitballing IoT Security Mark Andrews (Oct 26)