|
|
|
|
|
|
by Chirael
3524 days ago
|
|
|
One of the Krebs articles mentioned an idea of a certification (similar to UL) which could be on products like DVRs and web cams. You can't ever certify something as completely secure of course, but the certification could indicate "firmware updatable", "no hard-coded default passwords" and "where there are passwords they are generated randomly and unique to each specific product" (not family of products). Maybe even "consumer can change all passwords to new randomly generated values". I can't say that all or even many consumers will care, but if ISPs stepped up and started emailing customers about suspicious traffic coming from their home networks indicating one or more devices may have been compromised, maybe a good number of consumers would start to look for that certification when they buy. Which is important because, let's face it, if insecure products don't actually impact sales then a lot of companies aren't going to care at all. You can try to punish bad behavior after the fact, but only if their government cooperates and even then I think many times they'd just fold up shop under one name and open again under another. You really have to address it at the point of purchase to affect company behavior IMO. |
|
|