Re: [Fsuk-manchester] A powerful argument for software freedom legislati

fsuk-manchester

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fsuk-manchester] A powerful argument for software freedom legislati

From:	Bob Mottram
Subject:	Re: [Fsuk-manchester] A powerful argument for software freedom legislation?
Date:	Thu, 27 Oct 2016 16:04:38 +0100
User-agent:	Mutt/1.5.23 (2014-03-12)

On Sun, Oct 23, 2016 at 10:48:31AM +0100, John Rooke wrote:

https://www.theguardian.com/commentisfree/2016/oct/23/internet-of-things-vulnerable-nework-hackers-brian-krebs
From the article:
"Instead of using traditional computers for their botnet, they used CCTV
cameras, digital video recorders, home routers and other embedded
computers attached to the internet as part of the internet of things.”

What this attack demonstrates, Schneier says, is that the economics of
the IoT mean that it will remain insecure unless government steps in to
fix the problem. “This is a market failure,” he writes, “that can’t get
fixed on its own.”

He’s right. Computer companies such as Apple and Microsoft go to great
pains to try and ensure that the desktop and laptop computers they sell
are protected from malware and that vulnerabilities are patched as soon
as possible after they are discovered. But none of that happens with IoT
devices, which are sold at razor-thin profit margins and are usually
built by smallish Chinese and Taiwanese companies that don’t possess the
expertise (or the incentive) to make them secure. What makes it even
worse, though, is that most of the IoT devices currently installed in
homes cannot be patched. As Schneier says: “The only way for you to
update the firmware in your home router is to throw it away and buy a
new one.”



It's a tricky one to deal with, and this has been a problem ever since
internet routers at home became a thing. So it's not a new problem, just
one that's increasing in scale.

What could happen is that the government puts pressure on ISPs to become
the "cyberpolice" for your home network, monitoring and controlling
devices behind the home router. That could be quite convenient for users
but would also have freedom implications.

The other possible approach would be "the Tyrell solution" where
internet connected devices just stop working after a fixed number of
years, perhaps by blowing some diodes as happens with some security
devices.

The effectiveness of DDoS can also be greatly reduced by moving to
peer-to-peer systems rather than client/server. A possible intermediate
solution is to have static content seeding as a feature of browsers,
meaning that they don't always need to go to a web server to get the
content. There would be the beneficial side-effect of also making the
censorship of sites more difficult for any central authority.

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Fsuk-manchester] A powerful argument for software freedom legislation?, John Rooke, 2016/10/23
- Re: [Fsuk-manchester] A powerful argument for software freedom legislation?, Bob Mottram <=
  - Re: [Fsuk-manchester] A powerful argument for software freedom legislation?, Chris Hilliard, 2016/10/27
    - Re: [Fsuk-manchester] A powerful argument for software freedom legislation?, John Rooke, 2016/10/29
    - Re: [Fsuk-manchester] A powerful argument for software freedom legislation?, Chris Hilliard, 2016/10/29

Prev by Date: Re: [Fsuk-manchester] Sun hardware in need of a good home
Next by Date: Re: [Fsuk-manchester] A powerful argument for software freedom legislation?
Previous by thread: [Fsuk-manchester] A powerful argument for software freedom legislation?
Next by thread: Re: [Fsuk-manchester] A powerful argument for software freedom legislation?
Index(es):
- Date
- Thread