nanog mailing list archives
Re: Spitballing IoT Security
From: Josh Reynolds <josh () kyneticwifi com>
Date: Wed, 26 Oct 2016 22:54:17 -0500
i think this would be the most effective route proposed so far. May the force be with you :) On Wed, Oct 26, 2016 at 12:19 PM, Leo Bicknell <bicknell () ufp org> wrote:
In a message written on Wed, Oct 26, 2016 at 08:06:34AM -0400, Rich Kulawiec wrote:The makers of IoT devices are falling all over themselves to rush products to market as quickly as possible in order to maximize their profits. They have no time for security. They don't concern themselves with privacy implications. They don't run networks so they don't care about the impact their devices may have on them. They don't care about liability: many of them are effectively immune because suing them would mean trans-national litigation, which is tedious and expensive. (And even if they lost: they'd dissolve and reconstitute as another company the next day.) They don't even care about each other -- I'm pretty sure we're rapidly approaching the point where toasters will be used to attack garage door openers and washing machines.You are correct. I believe the answer is to have some sort of test scheme (UL Labratories?) for basic security and updateability. Then federal legislation is passed requiring any product being imported into the country to be certified, or it is refused. Now when they rush to market and don't get certified they get $0 and go out of business. Products are stopped at the boader, every shipment is reviewed by authorities, and there is no cross boarder suing issue. Really it's product safety 101. UL, the CPSC, NHTSA, DOT and a host of others have regulations that if you want to import a product for sale it must be safe. It's not a new or novel concept, pretty much every country has some scheme like it. -- Leo Bicknell - bicknell () ufp org PGP keys at http://www.ufp.org/~bicknell/
Current thread:
- Re: Spitballing IoT Security, (continued)
- Re: Spitballing IoT Security tim () pelican org (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security knack via NANOG (Oct 27)
- Re: Spitballing IoT Security Leo Bicknell (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Ken Matlock (Oct 27)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 27)
- Re: Spitballing IoT Security Laszlo Hanyecz (Oct 27)
- Re: Spitballing IoT Security bzs (Oct 26)
- Re: Spitballing IoT Security Valdis . Kletnieks (Oct 26)
- Re: Spitballing IoT Security Josh Reynolds (Oct 26)
- Re: Spitballing IoT Security Randy Bush (Oct 26)
- Re: Spitballing IoT Security Ronald F. Guilmette (Oct 26)
- Re: Spitballing IoT Security Mark Andrews (Oct 26)
- Re: Death of the Internet, Film at 11 bzs (Oct 24)
- Re: Death of the Internet, Film at 11 Mike Hale (Oct 24)
- Re: Death of the Internet, Film at 11 bzs (Oct 25)
- Re: Death of the Internet, Film at 11 John Weekes (Oct 24)
- Re: Death of the Internet, Film at 11 bzs (Oct 25)
- Re: Death of the Internet, Film at 11 Chris Boyd (Oct 25)