[ih] Your refrigerator probably hasn't joined a botnet

Sun Jan 19 08:42:40 PST 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

No sense in writing this twice. :-)

Here is something that I sent to libtech just a few minutes ago...
although not "historical", it is important, I think, to properly frame
the situation as it stands today -- we're moving into new territory
every day. Some it if is... predictably dangerous if proper safeguards
are not incorporated up-front instead of "bolted on" after deployment
(which usually always fails).

- - ferg

- -------- Original Message --------
Subject: [liberationtech] Your refrigerator probably hasn't joined a
botnet
Date: Sun, 19 Jan 2014 08:36:10 -0800
From: Paul Ferguson <fergdawgster at mykolab.com>
Reply-To: fergdawgster at mykolab.com, liberationtech
<liberationtech at lists.stanford.edu>
Organization: Clowns R. Mofos
To: liberationtech <liberationtech at lists.stanford.edu>

This nonsense about refrigerators being part of a botnet is not an
accurate depiction of the world we live in today, but more of a
warning of where things can go wrong in the future, while
technologists are rushing headlong into the Internet of Things (IoT).

While there are certainly some interesting real-world examples of
unintended consequences of consumer devices being infected by Trojan
Horse programs and other malware (e.g. digital cameras and picture
frames coming directly into the retail market "pre-infected" from the
manufacturer, hospital healthcare devices becoming infected by
computer worms through incidental contact, etc.), most cases today are
incidental.

Via BoingBoing:

"A mediagenic press-release from Proofpoint, a security firm,
announced that its researchers had discovered a 100,000-device-strong
botnet made up of hacked 'Internet of Things' appliances, such as
refrigerators. The story's very interesting, but also wildly
implausible as Ars Technica's Dan Goodin explains."

"The report is light on technical details, and the details that the
company supplied to Goodin later just don't add up. Nevertheless, the
idea of embedded systems being recruited to botnets isn't inherently
implausible, and some of the attacks that Ang Cui has demonstrated
scare the heck out of me."

http://boingboing.net/2014/01/18/your-refrigerator-probably-has.html

Don't get sucked in by the IoT marketing hype, but -- and it is a
*big* but -- there definitely is a potential for this headlong rush
into the Internet of Things can develop into the unfortunate situation
where no one spent enough time thinking about the security posture of
such actions. If no one spends time up front thinking about these
implications, we can have a real mess on our collective hands.

- - ferg

- -- 
Liberationtech is public & archives are searchable on Google. Violations
of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing moderator
at companys at stanford.edu.

- -- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLcAIAACgkQKJasdVTchbIMVwD9EaHANJUpKLRI4ZmIOUHbKP18
bgZaDBCkeXpHi6nZNEQBAIWxnLzkHI/rqIc3gz6ntcrErfGLHaC1ypn7M3bFdscz
=wh9j
-----END PGP SIGNATURE-----