Re: IoT security, was Krebs on Security booted off Akamai network

[Jim Shankland <nanog () shankland org>]

On 10/9/16 11:30 AM, Valdis.Kletnieks () vt edu wrote:
> On Sun, 09 Oct 2016 18:05:20 -0000, Mel Beckman said:
> > I don't know why it's "sub optimal" to use the cloud from an isolated network. Can you elaborate?
> Why should something out in the cloud have any part of the communication,
> other than perhaps telling your cellphone the current address of your widget?
>
> (And *that* should probably have a standardized protocol/service rather than
> every vendor rolling their own.  Hello, IETF?)
>
> And even *that* can be bypassed if you cellphone is able to talk to your
> home network directly.

A fair question, if it's intended rhetorically. If not, then the short 
answer is: because monetizing your personal information is a large 
(possibly dominant) part of the IoT business model, today.

Rampant security holes don't necessarily perturb that model excessively 
-- though goodness knows they should, and maybe eventually they will. In 
the meantime, we have what Zeynep Tufekci has called the "Internet of 
Hacked Things" (anybody want to help get the acronym IoHT into general 
currency?).

Jim