nanog mailing list archives

Re: IoT security


From: bzs () theworld com
Date: Thu, 9 Feb 2017 18:22:20 -0500


On February 9, 2017 at 12:04 rsk () gsp org (Rich Kulawiec) wrote:
> On Wed, Feb 08, 2017 at 08:30:15AM -0800, Damian Menscher wrote:
> > The devices are trivially compromised (just log in with the default root
> > password).  So here's a modest proposal: log in as root and brick the
> > device.
> 
> No.  It's never a good idea to respond to abuse with abuse.  Not only
> is it unethical and probably illegal (IANAL, this is not legal advice)
> but it won't take more than a day for someone to figure out that this
> is happening and use some variety of misdirection to cause third parties
> to target devices that aren't actually part of the problem.

Ok but what if you broke in and fixed their security w/o breaking the
user experience? Would a vendor, presented with a good demo, sign off
on that? If so isn't it just a mandatory patch?

-- 
        -Barry Shein

Software Tool & Die    | bzs () TheWorld com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

