nanog mailing list archives
Re: IoT security
From: William Herrin <bill () herrin us>
Date: Thu, 9 Feb 2017 14:54:26 -0500
On Thu, Feb 9, 2017 at 12:04 PM, Rich Kulawiec <rsk () gsp org> wrote:
On Wed, Feb 08, 2017 at 08:30:15AM -0800, Damian Menscher wrote:The devices are trivially compromised (just log in with the default root password). So here's a modest proposal: log in as root and brick the device.No. It's never a good idea to respond to abuse with abuse.
Hi Rich, On that we agree. Vigilantism is a non-starter.
[regarding the tattler kill switch] 2. This will allow ISPs to build a database of which customers have which IOT devices. This is an appalling invasion of privacy.
Is there some way an industry association could overcome this? Perhaps have some trivial way to assign each model of IoT device some kind of integer and have the device report the integer instead of its plain text manufacturer and hardware model number? Where the assigned integer is intentionally not published by the industry association though of course trivially determinable by anyone who owns one of the devices. Wouldn't especially impair building a database of vulnerable devices but it would raise the bar for trying to turn the self-reporting in to business intelligence. Particularly if industry association rules forbid retaining a record of device self-reports on pain of whatever. Regards, Bill Herrin -- William Herrin ................ herrin () dirtside com bill () herrin us Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
Current thread:
- Re: IoT security, (continued)
- Re: IoT security Carl Byington (Feb 08)
- Re: IoT security clinton mielke (Feb 08)
- Re: IoT security valdis . kletnieks (Feb 08)
- Re: IoT security clinton mielke (Feb 08)
- Re: IoT security valdis . kletnieks (Feb 09)
- Re: IoT security clinton mielke (Feb 09)
- Re: IoT security Marco Slater (Feb 10)
- Re: IoT security clinton mielke (Feb 10)
- Re: IoT security clinton mielke (Feb 10)
- Re: IoT security Rich Kulawiec (Feb 09)
- Re: IoT security William Herrin (Feb 09)
- Re: IoT security valdis . kletnieks (Feb 09)
- Re: IoT security bzs (Feb 09)
- Re: IoT security William Herrin (Feb 07)
- Re: IoT security Michael Thomas (Feb 07)
- RE: IoT security Keith Medcalf (Feb 09)
- Re: IoT security Rich Kulawiec (Feb 10)