<div dir="auto">The merest hint of "set and forget" devices left live online forever scares the poo out of me. Colossally stupid idea. Add the "use of this device releases the manufacturer of all liability" license crap and it starts looking like a smokers' convention at a fireworks factory.<div dir="auto"><br></div><div dir="auto">There's a responsibility level that software production just hasn't accepted yet. Sometimes 'release early, release often' is really translated to 'break early, break often, release anyway'.</div><div dir="auto"><br></div><div dir="auto"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Jun 8, 2017 8:31 AM, "DJ-Pfulio" <<a href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Perhaps IoT devices need this too?<br>
<br>
Bruce Schneier's blog ...<br>
<a href="https://www.schneier.com/blog/archives/2017/06/safety_and_secu.html" rel="noreferrer" target="_blank">https://www.schneier.com/blog/<wbr>archives/2017/06/safety_and_<wbr>secu.html</a><br>
"Last year, on October 21, your digital video recorder — or at least a<br>
DVR like yours — knocked Twitter off the internet. Someone used your<br>
DVR, along with millions of insecure webcams, routers, and other<br>
connected devices, to launch an attack that started a chain reaction,<br>
resulting in Twitter, Reddit, Netflix, and many sites going off the<br>
internet. You probably didn't realize that your DVR had that kind of<br>
power. But it does."<br>
<br>
<br>
A few years ago, during a national election in a smaller country, the<br>
entire country was taken offline using internet attacks.<br>
<br>
IoT (or Internet of Shit-devices) have amplified this power.<br>
<br>
<br>
On 06/08/2017 08:09 AM, Jim Kinney wrote:<br>
> Hah!<br>
><br>
> Sad but true.<br>
><br>
> Certain aspects of programming should be required to be<br>
> run/directed/managed by licensed professional engineers. Finance,<br>
> utilities, and medical are the top three for me that scream for real<br>
> professional programming. We don't let precocious high schoolers build<br>
> bridges just because they were really good with lego blocks. Engineering<br>
> of physical things protects itself with professional standards.<br>
> Engineering of virtual things needs to do the same.<br>
><br>
> On Jun 8, 2017 7:44 AM, "Adrya Stembridge" <<a href="mailto:adrya.stembridge@gmail.com">adrya.stembridge@gmail.com</a>> wrote:<br>
><br>
> For $250 they got about what they paid for.<br>
><br>
> On Thu, Jun 8, 2017 at 6:42 AM, DJ-Pfulio <<a href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a>> wrote:<br>
><br>
> Of the 17 commissioned projects by Tripwire (a security firm), 10<br>
> websites were completed and purchased.<br>
><br>
> The researchers found that every website had critical security<br>
> failures.<br>
> Read more here:<br>
><br>
> <a href="https://www.helpnetsecurity.com/2017/06/08/website-security/" rel="noreferrer" target="_blank">https://www.helpnetsecurity.<wbr>com/2017/06/08/website-<wbr>security/</a><br>
><br>
> * Unauthorized users allowed (all) - Check<br>
> * Allowed hackers to upload a PHP webshell (all) - Check<br>
> * Allowed auth bypass via SQL injection (several) - Check<br>
> * Allowed content modification via SQL injection (half) - Check<br>
><br>
> Short, but interesting read.<br>
<br>
</blockquote></div></div>