
Comment The problem is that nobody owns this.. (Score 1) 296

There is no one person or class of persons who essentially owns this. The problem is a confluence of a number of factors, and so far all I see is finger-pointing as to whose job it is to clean up this mess.

First you have manufacturers that don't give a crap. Their objective is to turn out crap as cheaply as possible, and they only need to work well enough that the customer won't return it to the store.

You have the retailers. Most of whom don't know much about the items themselves. All they care is that customers not return them for being broken or too hard to configure.

You have consumers. They want cheap shit, and it needs to be totally idiot-proof to get working. Some will go out of their way to purchase directly from overseas e-stores just to save a few bucks. If it is too hard to configure, they will return the item, but they will seldom return something because it has default telnet credentials that the user cannot change.

You have ISPs. They added UPNP to their routers to support lamers and other sorts of devices. And you also have ISPs who have not yet added support for the RFC to control forged addresses. And you have ISPs who strongly believe that their job is to deliver packets, and they want no part in filtering anything that comes from a customer machine.

You have the standards body that came up with UPNP. They assumed that people building the objects would do a halfway decent job, and they blindly open up whatever ports the device behind the firewall asks for.

You have the standards body that decided that DNS should be both TCP and UDP. Yeah, I know it is faster, but it is also far easier to do an attack with a forged sender.

And then you have people who run the networks and machines that are under attack. They bear the brunt of it, but for the most part they don't have much of a role.

Given that nobody wants to take ownership of this, to me it means that we will never have complete cooperation. We will never get all of the ISPs on board. We will certainly never get all of the consumers on board, and we will certainly never get all of the retailers on board.

Comment Re:Solve the IoT security conundrum (Score 1) 74

And who then is responsible?

The manufacturer? They are undoubtedly under pressure to keep the costs as low as possible, and keep the configuration as simple as possible. Make the config too hard, and people return the items to the store.

The retailer? What's their responsibility here? Some like eBay/Amazon are just flea markets selling any crap that the associated merchant wants to sell. There is no "Underwriters Lab" to test some of the basic configuration stuff.

The consumer? They don't care - it doesn't affect them unless they want to get to Twitter or whatever other site is under attack. The consumer's main interest is in low prices for whatever device they are adding.

The ISP? It isn't their device that is directly causing the problem. And yet they added support for UPNP to their firewall/router to make configuration easy without thinking about what the possible downsides might be.

I see some here and other places argue that the problem is that we just need fatter pipes or more and/or better infrastructure. And while some improvements might be made, this is a cop-out basically because nobody else takes ownership of the problem, and it can potentially cost them lots of money.

All I expect to see is more finger pointing, and ever more attacks. Eventually government is going to step in - maybe they try and force product recalls on the IoT devices? If we are lucky that's all they do.

Comment Re:Searchable database of attackers? (Score 1) 74

Look at your router config, and look for UPNP and/or port forwards and see whether any firewall ports have been opened up for these devices.

I would actually advocate disabling UPNP on the router, but I have no doubt that doing so would break some sort of lame device or application, and people would howl about how they just can't possibly do that.

Comment Well one lesson from this.. (Score 1) 150

One lesson from this is that if the Note 7 had removable batteries, this all could have been a lot easier for Samsung to deal with.

I am not quite getting how/what it is that they managed to screw up so their batteries keep catching fire. How did this make it through Q/A the first time, and how is it that the so-called replacements are still having issues?

Comment Re:The well-stocked bunkers would be early targets (Score 1) 332

But even then - assume they have a private security force. Those people would need food as well - what's not to say that those folks bug out to take care of their own families. In reality one would need to make the bunker large enough to support your security staff and their families.

The whole "bunker mentality" just seems wrong to me - in reality there are very few scenarios where such a thing could actually help you. I suppose a hurricane might be one, but there you have advance notice and just leaving the area ahead of time might be a better choice. An earthquake might in fact damage the shelter itself, and is geographically limited, so people might be inclined to leave and go somewhere else where there is no damage.

Super-volcano or asteroid strike? Yeah, I suppose a bunker might be useful in such a case, but for all of the things to worry about, these two things are pretty far down on the list. You might as well worry about an attack by space aliens.

Back in the 1950s people worried about a nuclear attack - I suppose the idea at the time was that you just camp out until the radiation levels have subsided, but in reality the things were just a bit of theatre to make people feel more secure. If a nuclear attack were to happen today, it is more likely to be a rogue nation or individual, implying a smaller bomb, and a smaller affected area, so just leaving the affected area might make far more sense than trying to camp out underground for an extended period.

Comment Re:Not sure you have a lot of options? (Score 1) 222

I did recently install a Win7 machine from scratch. After the install I installed the August rollup, and then ran Windows Update. That thing must have run for a full day before it concluded that there were only 24 updates that were required (half of which were .NYET).

Microsoft announced that they are going to do similar rollups for .NYET.
