Any Solutions for IoT Security Problems?

The_Other_Kelly writes: Okay, it should be clear by now, that IoT Security is not exactly ... comprehensive.

More like, completely lacking.

In discussion about the BrickerBot and Vigilante Botnets, the question arose:
        What products are there, for non-technical people to use to protect their Home/IoT Networks?

While those with the ability and time, can roll-their-own solutions, what off-the-shelf home security
solutions are there?

Has anyone any good proposals?

What Solutions are there?

In the ideal world, everyone would do so, but we do not live in that one.

And the list of IoT devices will expand to include, basically, ... everything.

Every electricity meter, every freezer, every microwave, every TV.

So for the people who cannot create their own solutions, what options are there?

What Solutions are there?


Nobody likes vigilantes! (Not even Batman).

But a serious question: How can people be protected?

While the techies can home brew something, what real products or solutions are
there for the "casuals", the civilians and the "tech-vulnerable" ??

Are there any fairly cheap, zero configuration overhead solutions out there right now?

Any options?

Je T'Accuse!

"I hereby label Nick Fink as a security risk, a potential terrorist, a possible molester and an unperson.

Worse, he is not a team player.

Based on this irrefutable accusation, and the serious risk of Pre-Crime ... I demand that he be neutralised.
Either interned for life or simply eliminated.

I cannot allow the evidence for this to be scrutinised, since our security, nay our very freedom, depends on secrecy.

Dissent or protest will prove the accusation."

Fascists. We know how this ends.

You're doing it wrong.

Then you have never worked for a modern commercial, technical company!

+ *All* benefits go to management, so their incentive is low cost, rapid delivery.
+ Any and all negatives, are laid on the heads of the technical staff, so again
      the incentive for management is low cost, rapid delivery.
+ While the technical staff, sometimes, have a different opinion, by definition
      nobody cares, since they are "non management". Monkeys make noise? They get the hose.

If by a miracle, the techs manage to actually do competent "Design, construct, test, ship" loops,
then they will be head-count reduced, since there is "fat" there. Wash, repeat.

The reality is that a trained chimp with Google, and either Office or some open source components
and 2 weeks worth of web-design, can duct tape together a minimal version that can fulfill at
least *some* of the customer's requirements. Even if only the color!

Obviously it will be crud, with low performance, no security and completely unmaintainable.

But this becomes the baseline cost!

What are customers willing to pay, over that cost, for the additional quality?
Guess what! NOTHING.

To pay the bonii, investors and the marketing costs, what are most modern tech companies willing
to pay, as a premium, for their employees, to exceed that baseline?
Guess again. Little or nothing.

This is not 1985. Software guys should be aware that electricians, plumbers and car mechanics have
better prospects, more pay and get paid overtime.

The only thing worse, is QA.

Works as Designed

Ah! But the Jocks uphold the system!

Those who support, always get special treatment, the only sin being to challenge established "Truths".

So, if the Jocks beat on the weak, the marginal, the dissenters, then they will be either ignored
or discreetly applauded and supported.

And by Jocks, I mean Police, LEO, Spooks, and the various pillars of society.

I really wish that I was wrong.
I wish that things were not, what they have become.

Works as Designed


Were you not listening, reading or watching for the past decade?

What did you not understand?
This. Is. Corporatism! (Not Sparta! 8-))

An under-educated class, born to be in debt, endlessly conditioned to obey, bred under pain of punishment, to Serve.

In this model, Authority is there to Rule, not to Adjudicate, so any attempt, no matter how trivial, to resist, to dissent, or,
as in this case, to provide any alternative to the Authority defined and controlled processes, will *always* be harshly punished.
As subversive.

Appeals for protection justify further exploitation, since the weak deserve to be hurt, and the system serves only the strong.
Might is Right, and don't bleed on the floor.

The only element missing is religion: "If Jaysus loved you, you wouldn't be picked on".

This school has a board.
This municipality has elected officials.
The Majority of the people in this area voted for this.
Your neighbours, colleagues and fellow-parents?
They want this.

This is what modern Western society has become.

The Greatest Lie?

I am a respected employee and colleague, and by collaborating we will build
interesting products, to be proud of. By working hard and learning more, I
will be promoted and paid more. Ultimately, I will reach retirement age and
spend an enjoyable time with my family, in retirement, perhaps even as
a non-executive director, until I die, of old age, surrounded by my loving
family, in my own bed.

As. If.

Have fun with that ...

Looked for, found, reported, was fired.

I was the responsible IT manager, over all devs, admins, ops and security.

Reviewed all contracts and implementations, upon taking over the job.

Discovered some seriously bad stuff.

Developed plan to *quietly*, discreetly, repair over short time period.
"Rebury the bodies"

Turned out the responsible party was the CEO's favorite, "baby shark".

Got cardboard boxed. Out day after board presentation.

So it goes.

Interesting point:

All of those devs, techs and security people who moan about the lack of management support?
How many of you have ever supported or somehow defended *any* manager who tried to help you, to do the right thing?

Speaking personally, I would guess ... None of you. "Not my problem" attitude, up and down.

Maybe you have all been luckier.

