On 2/11/2016 7:14 AM, Stephen Farrell wrote:
On 11/02/16 15:02, Russ Housley wrote:
http://www.theguardian.com/technology/2016/feb/09/internet-of-things-smart-home-devices-government-surveillance-james-clapper?CMP=share_btn_fb
Yeah, that's a shocker eh;-(
In terms of privacy, it is worth treating statements about likely
exploitation for attacks as merely one more basis for increasing
protections.
Until recently, I'd assumed that the IOT devices in a home could be
isolated from the devices under more classic control, such as personal
computers. That is, since a user does the regular administration of
their computer, its safe operation is likely to be more predictable,
whereas all those IoT-ish devices are likely to be more vulnerable. So
set up a barrier (firewall) between them.
It's increasingly clear that
a) a firewall isn't really possible, given the extent of
interoperation needed among /all/ the devices in a home, and
b) none of the classic consumer devices (pc/laptop, tablet,
whatever) are as much under user control as one would like to think. [1, 2]
Simply put, we need to design protection mechanisms on the assumption
that every single device is being told by outsiders (vendors, attackers,
whoever) to obtain and report data we might wish them not to. There's
no safe island.
d/
[1]
http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/
[2]
http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
