Comment Re:Sly (Score 1) 396
Sorry, no, won't work. See, in order to get a valid SSL cert installed, it has to match the FQDN, or you still get warnings. Which means the embedded device suddenly needs writable storage and routines for uploading said cert, which is a much bigger security risk than someone setting up a man-in-the-middle attack inside your home between you and your DVR.
There are thousands of different web-enabed devices on networks, accessible through unencrypted methods. Because most of them they don't need it. I don't need a certificate on my printer any more than I need auto-locking doors everywhere in my house.
It's only adding overhead, and not giving any tangible benefits.
SSL isn't a silver bullet. It's mostly theater, giving the unwashed masses a feeling of security. It's not implemented in a secure way, but relies on distributed trust - a system that doesn't work.
You have to be horribly ignorant to trust that none of the CAs in your browser's or OS' key store have been compromised, or handed out to someone. Do you verify that the certificate for "secure" sites you visit actually are from the signing authority the web site is expected to use? No? Then how can you possibly trust it?
It's worse than nothing in that it makes you feel warm and cozy and safe, and lulls you into a false sense of security, much like AV software does.
Security is a state of mind. Not a technical piece of shit you can force on everything and say "look, it's secure now!"