<div dir="auto">The merest hint of &quot;set and forget&quot; devices left live online forever scares the poo out of me. Colossally stupid idea. Add the &quot;use of this device releases the manufacturer of all liability&quot; license crap and it starts looking like a smokers&#39; convention at a fireworks factory.<div dir="auto"><br></div><div dir="auto">There&#39;s a responsibility level that software production just hasn&#39;t accepted yet. Sometimes &#39;release early, release often&#39; is really translated to &#39;break early, break often, release anyway&#39;.</div><div dir="auto"><br></div><div dir="auto"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Jun 8, 2017 8:31 AM, &quot;DJ-Pfulio&quot; &lt;<a href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Perhaps IoT devices need this too?<br>
<br>
Bruce Schneier&#39;s blog ...<br>
<a href="https://www.schneier.com/blog/archives/2017/06/safety_and_secu.html" rel="noreferrer" target="_blank">https://www.schneier.com/blog/<wbr>archives/2017/06/safety_and_<wbr>secu.html</a><br>
&quot;Last year, on October 21, your digital video recorder — or at least a<br>
DVR like yours — knocked Twitter off the internet. Someone used your<br>
DVR, along with millions of insecure webcams, routers, and other<br>
connected devices, to launch an attack that started a chain reaction,<br>
resulting in Twitter, Reddit, Netflix, and many sites going off the<br>
internet. You probably didn&#39;t realize that your DVR had that kind of<br>
power. But it does.&quot;<br>
<br>
<br>
A few years ago during a national election in a smaller country, the<br>
entire country was taken off line using internet attacks.<br>
<br>
IoT (or Internet of Shit-devices) have amplified this power.<br>
<br>
<br>
On 06/08/2017 08:09 AM, Jim Kinney wrote:<br>
&gt; Hah!<br>
&gt;<br>
&gt; Sad but true.<br>
&gt;<br>
&gt; Certain aspects of programming should be required to be<br>
&gt; run/directed/managed by licensed professional engineers. Finance,<br>
&gt; utilities, and medical are the top three for me that scream for real<br>
&gt; professional programming. We don&#39;t let precocious high schoolers build<br>
&gt; bridges just because they were really good with lego blocks. Engineering<br>
&gt; of physical things protects itself with professional standards.<br>
&gt; Engineering of virtual things needs to do the same.<br>
&gt;<br>
&gt; On Jun 8, 2017 7:44 AM, &quot;Adrya Stembridge&quot; &lt;<a href="mailto:adrya.stembridge@gmail.com">adrya.stembridge@gmail.com</a><br>
&gt; &lt;mailto:<a href="mailto:adrya.stembridge@gmail.com">adrya.stembridge@<wbr>gmail.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;     For $250 they got about what they paid for.<br>
&gt;<br>
&gt;     On Thu, Jun 8, 2017 at 6:42 AM, DJ-Pfulio &lt;<a href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a><br>
&gt;     &lt;mailto:<a href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;         Of the 17 commissioned projects by Tripwire (a security firm), 10<br>
&gt;         websites were completed and purchased.<br>
&gt;<br>
&gt;         The researchers found that every website had critical security<br>
&gt;         failures.<br>
&gt;         Read more here:<br>
&gt;<br>
&gt;         <a href="https://www.helpnetsecurity.com/2017/06/08/website-security/" rel="noreferrer" target="_blank">https://www.helpnetsecurity.<wbr>com/2017/06/08/website-<wbr>security/</a><br>
&gt;<br>
&gt;         * Unauthorized users allowed (all) - Check<br>
&gt;         * Allowed hackers to upload a PHP webshell (all) - Check<br>
&gt;         * Allowed auth bypass via SQL injection (several) - Check<br>
&gt;         * Allowed content modification via SQL injection (half) - Check<br>
&gt;<br>
&gt;         Short, but interesting read.<br>
<br>
______________________________<wbr>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/<wbr>listinfo/ale</a><br>
</blockquote></div></div>