by wolly 3346 days ago
I find the arguments for "taking a stand" quite weak. Normally with subcultures that break the law or in other ways inconvenience people the moral argument is that you're doing something that isn't available to you (often as a group) and your actions themselves are meaningful (often because it makes it available to you).

I don't really see in this case how they (or mostly anyone) are unable to improve IoT (or general) security through other means, or that the consequences of the actions themselves are any different from other forms of attacks on software (like credit card fraud, denial of service or ransomware).

The arguments from the "hacker" get especially weak when they conclude that the consequences of breaking IoT devices are worthwhile, but the consequences of IoT devices breaking the Internet don't have the same effects. Even though you could argue that it's far harder for most people to influence overall Internet security than IoT security, and therefore the moral argument for breaking the Internet as a way of improving it should be slightly easier to make.

1 comments

"I don't really see in this case how they (or mostly anyone) is unable to improve IoT (or general) security through other means"

Really? How about you show me the evidence that people are... through "other means"... improving IoT security of these devices enough that DDoS isn't a big problem any more. I'd love to hear what you've done to convince all the vendors to focus on secure devices instead of profit when targeting markets that will deliver profit regardless of security. Most of us in INFOSEC haven't been able to convince much past a subset of software and hardware developers to focus on improving security.

The only time vendors ever delivered secure or safe solutions was when sound regulations were forced on them with a requirement they were followed before a purchase was made. That was TCSEC and DO-178B respectively.

That's true.

Although I wonder: why didn't someone with deep security expertise, maybe ARM with its mbed, create something developers can't harm, and on the other hand issue a product label saying: "this is protected by our stack..."?

I could see that being attractive to some B2B buyers, attracting devs, further strengthening the value of said label, increasing market share and reducing costs, and creating a positive feedback loop.

They did. It's mostly BS, though, since they cut corners too or can't impact the software lifecycle enough. Few people trust those labels. It could still be done, though, in a way along the lines of Underwriters Laboratories and Consumer Reports with private evaluations.

Shouldn't the vigilantes try to DDoS the IoT vendor websites with their own devices (poetic justice) instead of what the bricker guy is doing? That way it seems the message he's sending would be as direct and unambiguous as it gets.

Attacks on the vendors are another good option if there's a low number of vendors. The DDoS idea has a weakness where they might barely be effective if sold through third-party stores and ads.