Become a fan of Slashdot on Facebook


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Don't Hook Crap to The Internet Unless You Need (Score 1) 165

The problem is this though. The people that are attaching these devices are largely unaffected by this. They got some cheap device of some sort that at least somewhat does what the purchaser wants, and their own device isn't attacking their own machines.

And the manufacturers don't care either. And even if they did, what are the chances that they would have any amount of success getting people to upgrade firmware?

Comment Re:This is how you spell "shakedown"... (Score 1) 128

I think VW gambled that they would only get a slap on the wrist. But had that happened, then cheating by other manufacturers would be rather likely. The EPA wanted t make an example of VW so that nobody else would be tempted to do the same thing.

I would note that there are cities all over the world with serious smog problems, and most of them are not in the first world.

Comment The problem is that nobody owns this.. (Score 1) 351

There is no one person or class of persons who essentially owns this. The problem is a confluence of a number of factors, and so far all I see is fingerpointing as to whose job it is to clean up this mess.

First you have manufacturers that don't give a crap. Their objective is to turn out crap as cheaply as possible, and they only need to work well enough that the customer won't return it to the store.

You have the retailers. Most of whom don't know much about the items themselves. All they care is that customers not return them for being broken or too hard to configure.

You have consumers. They want cheap shit, and it needs to be totally idiot-proof to get working. Some will go out of their way to purchase directly from overseas e-stores just to save a few bucks. If it is too hard to configure, they will return the item, but they will seldom return something because it has default telnet credentials that the user cannot change.

You have ISPs. They added UPNP to their routers to support lamers and other sorts of devices. And you also have ISPs who have not yet added support for the RFC to control forged addresses. And you have ISPs who strongly believe that their job is to deliver packets, and they want no part in filtering anything that comes from a customer machine.

You have the standards body that came up with UPNP. They assumed that people building the objects would do a halfway decent job, and they blindly open up whatever ports the device behind the firewall asks for.

You have the standards body that decided that DNS should be both TCP and UDP. Yeah, I know it is faster, but it is also far easier to do an attack with a forged sender.

And then you have people who run the networks and machines that are under attack. They bear the brunt of it, but for the most part they don't have much of a role.

Given that nobody wants to take ownership of this, to me it means that we will never have complete cooperation. We will never get all of the ISPs on board. We will certainly never get all of the consumers on board, and we will certainly never get all of the retailers on board.

Slashdot Top Deals

According to all the latest reports, there was no truth in any of the earlier reports.