On Mon, Dec 9, 2013 at 6:07 PM, Martin Thomson <[email protected]> wrote:
> On 9 December 2013 15:03, Richard Barnes <[email protected]> wrote:
> > In point of fact, most of the interesting IoT vulnerabilities we've seen so
> > far have not been due to either of the above problems, but rather to
> > manufacturers making stupid decisions that couldn't have been fixed by any
> > number of RFCs.
>
> Do you mean to say that RFCs are not the place to address this
> introduction problem, or that people ignore RFCs? The latter is
> something we already deal with; the former seems doable, were there
> the will to do so.

I'm thinking of things like these...

<http://thehackernews.com/2013/08/hacking-HP-printers-Vulnerability-wifi-password.html#>
<http://bgr.com/2013/11/20/lg-smart-tv-spying/>

... which do not seem like RFC-able things (so, the latter). Both are poor design decisions; the first not applying authentication/authorization, and the second, well, just epically failing. What are you going to do, require someone to set a jumper for DNT?
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
