WannaCry [OT]

Richard Gaskin ambassador at fourthworld.com
Mon May 15 20:23:16 EDT 2017 

Good thoughts, Kay.

The DDoS last October only reinforced my inherent distrust of IoT devices.

Until we see some enforced security standards, I have no interest in 
"smart cars", "smart TVs" or "smart homes".  When I look at those 
products I just see one big botnet.

--
  Richard Gaskin
  Fourth World Systems


Kay C Lan wrote:
> On Tue, May 16, 2017 at 3:13 AM, Richard Gaskin via use-livecode
> <use-livecode at lists.runrev.com> wrote:
>>
>> Might it be (again, we can't know for sure until we talk with each vendor)
>> that they simply soldered too little RAM onto the motherboard and provided
>> no means of updating the OS because they weren't thinking long-term?
>>
> Hmmm sounds so simply, but I think when you are talking about any
> machine worth more than $1000, especially from any reputable provider
> (i.e. one that would win a government contract) then a huge amount of
> thought and design has gone into all the compromises necessary to
> achieve the 'current objective' whilst achieving an acceptable ROI. In
> every case, I'm sure there'd be a desire to make it more modular, add
> more RAM, add more software features, or make it smaller or lighter,
> but just like the other Post about Tom Pitman and his need to reduce
> 257bytes of code down to 256 because that was all that was physically
> available; there will always be some constraint where today's
> technology and hindsight make it easy to say  'if only they did
> this/that/the other'.
>>
>> If hardware vendors are looking for control over their platforms, perhaps
>> they should be looking at open source OSes so they have access to the source
>> code, ensuring that it will do always be able to do what they need.
>>
> Again it sounds good but my own prediction is that open source OSes
> for 'the internet of everything' will be opening the floodgates for
> exploitations that will effect a wider portion of the community, more
> and more often. I'm particularly thinking of cheap Chinese smart
> phones and TVs. My parents have gone through several cheap Chinese
> smart phones (Huwei to name one brand) that have all ended up getting
> to an OS version and then can no longer be upgraded. The phone still
> makes phone calls; no software makes a phone conversation any better.
> That's all my parents, and the vast majority of the population needs.
> They are not going to buy another phone just because the OS has EOLed.
> The phone gets upgraded only when it's no longer fit for purpose -
> battery doesn't last long enough. Same with Smart TVs but on a much
> worse scale. Few companies, and certainly no cheap Chinese brand
> company has any interest, once they've sold you a TV and made a slim
> margin of profit on it, in keeping the OSes up to date. How often does
> Linux get a security update, yet how often does your Smart TV tell you
> you need to update it's Linux based OS? You really think the
> population is regularly going to check the Smart TV Firmware date and
> as soon as it gets to the point it no longer can be updated, or is
> 6/8/12 months behind Linux, they'll trash it and buy a new one? In
> most cases it's not even the device that tells you it's OS has EOLed,
> it's some other vendor's software (Google Maps/Neflix) that tells you
> you can't download the latest version because you aren't running the
> latest OS.
>
> Cars, cameras, fridges and a whole heap more are starting to run
> Linux/Android and be network connected; unfortunately the bottom line,
> not security, is the driving factor for this choice. As I said, I
> predict this will increase the number of EOLed OSes available to
> unscrupulous entities to exploit.

More information about the use-livecode mailing list