Editor's Note - The Internet of Pwned Things RRS feed

All replies

  • The one thing that I have noticed about the internet is that it was never built for thousands (or even millions) of people. It was built for a group of researchers to share data amongst their computers. Because of this, it was also never built to be secure.

    Because of the way that the internet has expanded, and the vast amount of people that use it, we need to start rethinking and restructuring the internet to handle this, and build it around security, as well as around interconnectivity, if we aim to successfully introduce IoT everywhere.

    Sunday, December 4, 2016 1:45 AM
  • That's pretty funny really.

    With regard to Mirai Malware I would guess that devices provided with new passwords couldn't be compromised with default passwords, unless the default passwords are also backdoors even if a new password is provided, so none of this would've happened if that is true.

    About 18 years ago I was working at a company where the higher ups kept disregarding the IT department about email attachment security by opening attachments regardless of who or where they were from until some major virus caused days of downtime because fools disregarded what the IT department said due to stupidity. All the sudden things changed after that regarding the IT departments authority on such matters.

    Heck we even had a secretary of state sending out top secret code word material via unclassified mail in her home and I'm fairly certain that all of the training as well as documentation she had to sign regarding dealing with classified information was way more than enough for her to know better than to illegally do what she knew she was illegally doing. It was for me when I had a TS clearance over 20 years ago.

    Stupid is as stupid does Forrests mama used to say. You really can't stop stupid or criminal behavior anyhow so good luck with that.

    La vida loca

    Sunday, December 4, 2016 3:06 AM
  • You cannot stop criminal mind behaviour right enough, but if the default passwords are the same for every device, and no one bothers to change them, then I can see how this might take effect. But then, something I have noticed, which has confused me even more is that when I setup my Raspberry Pi with IoT Core using the Dashboard, it asked me to input a password - which was not the default one. So I guess security is getting better?
    Sunday, December 4, 2016 4:22 AM
  • I don't know anything about IoT devices really. I suspect SCADA devices were the most insecure devices in the past which is why there was great fear in the electric grid and things being hacked for a time.

    Anyhow if a device is provided a non-default password and then can not be accessed by the default password that sounds secure to me. Security is only as good as those in charge of it. And whoever leaves default passwords in devices they purchase are apt to enjoy the consequences of their actions at some point.

    And hackers of types have nothing better to do than figure out how to do things like this anyhow which is those hacker types interest for whatever reason that may be.

    Just think about smart cars that can drive themselves and whatever point that becomes volumous and somebody then hacks GPS or Cell networks or something altering it like the Iranians said they did for some U.S. drone a bit ago causing the drone to land in Iran. And all these cars suddenly veer off the road to their new coordinates or however that may occur. Or UPS has delivery drones crusing along and all the sudden they all drop their packages off at different locations than they were supposed to or just crash into stuff and people. I'm pretty sure the "security" for all these up and coming things ain't gonna cut it really.

    Should automotive repair shops be allowed to access vehicle computers without having passwords? What if akamai gets hacked and provides "updates" or whatever MS uses it for of viral nature? Are medical systems online such that hacking them could cause deaths to patients? If nuclear power plant control systems are online then that's an accident waiting to Chernobyl.

    La vida loca

    Sunday, December 4, 2016 5:14 AM