[Cryptography] Long-term security (was Re: ratcheting DH strengths over time)
Bill Frantz
frantz at pwpconsult.com
Wed Nov 18 17:34:14 EST 2015
On 11/18/15 at 12:13 PM, bear at sonic.net (Ray Dillinger) wrote:
>IMO, the Internet-of-Targets is a bad idea in the first
>place. There is NO way my thermostat or my refrigerator
>has any business talking to the Internet or listening to
>the Internet.
The thermostat use case for internet connection is coming home a
bit early after a trip where you put your house in
low-temperature vacation mode. You want it to be warm when you
come through the door, so you send it a message from your phone
while waiting for your luggage to arrive.

Probably the best way to attach things to the Internet with some
degree of security is to have an interface box which will
greatly limit the things you can do on the box, and be regularly
updated with security fixes. Some cars have a version of this
architecture with the entertainment system, the phone, the nav,
etc. being on a separate network from the engine controls and
the brakes. The connection between the networks limits the
things that can pass between them.

This message, from the SANS Security Digest, is a harbinger of
things to come in the Internet of Targets space:
====== Forwarded Message ======
Date: 10/27/15 5:16 PM
Received: 10/27/15 1:16 PM -0400
From: NewsBites at sans.org (SANS Institute)
--Closed-Circuit Camera Botnet
(October 26, 2015)
A botnet made up of nearly 1,000 closed-circuit television (CCTV)
cameras has been detected. The devices were remotely accessible and had
easily guessed or default passwords. The botnet was identified by
Incapsula while investigating an attack on a client's system. The
compromised cameras were all running a Unix utility bundle known as
BusyBox.
http://www.zdnet.com/article/cctv-cameras-worldwide-used-in-ddos-attacks/
http://www.scmagazine.com/ddos-botnet-comprised-of-nearly-a-thousand-cctv-cameras/article/449499/
[Editor's Note (Murray): Welcome to the Internet of Things. Even if
most appliances are resistant to compromise or misuse, there will always
be enough that are insecure as to represent a risk to the Internet that
will be difficult to mitigate.]
====== End Forwarded Message ======
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz        |"After all, if the conventional wisdom was working, the
408-356-8506       | rate of systems being compromised would be going down,
www.pwpconsult.com | wouldn't it?" -- Marcus Ranum
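
The interface-box idea in the message above, sketched as an added example that is not part of the original post or any code of the sender's: a filter that forwards only two thermostat commands with bounded values and drops everything else. The command names, JSON shape, temperature limits and size cap are assumptions made for illustration, and sender authentication is assumed to happen before this filter runs.

```python
import json

# Hypothetical policy for the interface box (all names and limits assumed).
MAX_MESSAGE_BYTES = 256
ALLOWED_MODES = {"vacation", "home"}
MIN_TEMP_C, MAX_TEMP_C = 5.0, 30.0

def _valid_mode(value):
    return isinstance(value, str) and value in ALLOWED_MODES

def _valid_temp(value):
    # bool is a subclass of int, so exclude it explicitly; NaN fails the range test
    return (isinstance(value, (int, float)) and not isinstance(value, bool)
            and MIN_TEMP_C <= value <= MAX_TEMP_C)

# Allowlist: command name -> validator for its single argument.
COMMANDS = {"set_mode": _valid_mode, "set_target_temp": _valid_temp}

def filter_message(raw: bytes):
    """Return (message_to_forward, None) or (None, reason_dropped)."""
    if len(raw) > MAX_MESSAGE_BYTES:
        return None, "too large"
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None, "not valid JSON"
    # Exactly two fields; extra keys are rejected rather than ignored.
    if not isinstance(msg, dict) or set(msg) != {"cmd", "value"}:
        return None, "unexpected fields"
    cmd = msg["cmd"]
    validator = COMMANDS.get(cmd) if isinstance(cmd, str) else None
    if validator is None:
        return None, "command not allowed"
    if not validator(msg["value"]):
        return None, "value out of range"
    # Rebuild from validated parts; the raw bytes never cross to the device side.
    return {"cmd": cmd, "value": msg["value"]}, None

# Constructed sample messages (not captured traffic).
SAMPLES = [
    b'{"cmd": "set_mode", "value": "home"}',
    b'{"cmd": "set_target_temp", "value": 20.5}',
    b'{"cmd": "set_target_temp", "value": 95}',
    b'{"cmd": "factory_reset", "value": 1}',
    b'{"cmd": "set_mode", "value": "home", "debug": true}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.decode(), "->", filter_message(sample))
```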