
Comment Re:Don't Hook Crap to The Internet Unless You Need (Score 1) 165

The problem is this though. The people that are attaching these devices are largely unaffected by this. They got some cheap device of some sort that at least somewhat does what the purchaser wants, and their own device isn't attacking their own machines.

And the manufacturers don't care either. And even if they did, what are the chances that they would have any amount of success getting people to upgrade firmware?

Comment Re:This is how you spell "shakedown"... (Score 1) 128

I think VW gambled that they would only get a slap on the wrist. But had that happened, then cheating by other manufacturers would be rather likely. The EPA wanted to make an example of VW so that nobody else would be tempted to do the same thing.

I would note that there are cities all over the world with serious smog problems, and most of them are not in the first world.

Comment The problem is that nobody owns this.. (Score 1) 351

There is no one person or class of persons who essentially owns this. The problem is a confluence of a number of factors, and so far all I see is finger-pointing as to whose job it is to clean up this mess.

First you have manufacturers that don't give a crap. Their objective is to turn out crap as cheaply as possible, and they only need to work well enough that the customer won't return it to the store.

You have the retailers. Most of whom don't know much about the items themselves. All they care is that customers not return them for being broken or too hard to configure.

You have consumers. They want cheap shit, and it needs to be totally idiot-proof to get working. Some will go out of their way to purchase directly from overseas e-stores just to save a few bucks. If it is too hard to configure, they will return the item, but they will seldom return something because it has default telnet credentials that the user cannot change.

You have ISPs. They added UPNP to their routers to support lamers and other sorts of devices. And you also have ISPs who have not yet added support for the RFC to control forged addresses. And you have ISPs who strongly believe that their job is to deliver packets, and they want no part in filtering anything that comes from a customer machine.

You have the standards body that came up with UPNP. They assumed that people building the objects would do a halfway decent job, and they blindly open up whatever ports the device behind the firewall asks for.

You have the standards body that decided that DNS should be both TCP and UDP. Yeah, I know it is faster, but it is also far easier to do an attack with a forged sender.

And then you have people who run the networks and machines that are under attack. They bear the brunt of it, but for the most part they don't have much of a role.

Given that nobody wants to take ownership of this, to me it means that we will never have complete cooperation. We will never get all of the ISPs on board. We will certainly never get all of the consumers on board, and we will certainly never get all of the retailers on board.

Comment Re:Solve the IoT security conundrum (Score 1) 77

And who then is responsible?

The manufacturer? They are undoubtedly under pressure to keep the costs as low as possible, and keep the configuration as simple as possible. Make the config too hard, and people return the items to the store.

The retailer? What's their responsibility here? Some like eBay/Amazon are just flea markets selling any crap that the associated merchant wants to sell. There is no "Underwriters Lab" to test some of the basic configuration stuff.

The consumer? They don't care - it doesn't affect them unless they want to get to Twitter or whatever other site is under attack. The consumer's main interest is in low prices for whatever device they are adding.

The ISP? It isn't their device that is directly causing the problem. And yet they added support for UPNP to their firewall/router to make configuration easy without thinking about what the possible downsides might be.

I see some here and other places argue that the problem is that we just need fatter pipes or more and/or better infrastructure. And while some improvements might be made, this is a cop-out basically because nobody else takes ownership of the problem, and it can potentially cost them lots of money.

All I expect to see is more finger pointing, and ever more attacks. Eventually government is going to step in - maybe they try and force product recalls on the IoT devices? If we are lucky that's all they do.

Comment Re:Searchable database of attackers? (Score 1) 77

Look at your router config, and look for UPNP and/or port forwards and see whether any firewall ports have been opened up for these devices.

I would actually advocate disabling UPNP on the router, but I have no doubt that doing so would break some sort of lame device or application, and people would howl about how they just can't possibly do that.

Comment Well one lesson from this.. (Score 1) 150

One lesson from this is that if the Note 7 had removable batteries, this all could have been a lot easier for Samsung to deal with.

I am not quite getting how/what it is that they managed to screw up so their batteries keep catching fire. How did this make it through Q/A the first time, and how is it that the so-called replacements are still having issues?
