Intel's zero-day problem
Intel's zero-day problem
Posted May 10, 2017 16:17 UTC (Wed) by raven667 (subscriber, #5198)In reply to: Intel's zero-day problem by ringerc
Parent article: Intel's zero-day problem
> Actually, I think with the IoT "revolution" we're right back there again.
> Pathetically insecure devices that never get security audits or updates
> Pathetically insecure devices that never get security audits or updates
I think you are right and its frustrating because unlike in the past, where the technology to secure devices wasn't built yet, people building IoT devices are taking tools which have access control, auth, etc. available and turning those features off, making by their action something reasonably secure, pathetic. In the same way that SSH raised the bar for default remote access/admin we need the same kind of effort to make the defaults for these kind of embedded devices reasonably decent. Basic netfilter rules and key-based auth using widely audited tools, could make these kinds of devices secure against the kind of wholesale attacks we are seeing.