Bruce Schneier on Security and the Internet of Targets
I expect you will find this column by Schneier interesting. He is not optimistic about a bunch of internet-enabled junk that cannot be updated, manufactured by outfits for whom security is an afterthought, if it is a thought at all.
The article first appeared in the New York Times, and Schneier reproduced it on his website.
Yes, I read this when it was first published and have to agree with it. Sadly he's stating the obvious, but not really providing enough detail of the underlying problem.
Linux is seen as a cheap/free OS supported by "someone else", which can be flashed on to some embedded/IoT device, sold, warrantied for 1 year and then effectively abandoned. In the past, vendors had to write proprietary code at huge expense, maintain and develop that code and ensure its security and stability - people in house had to work on it, were accountable and if it didn't work they were out of a job. Nowadays $SOMEONE_ELSE does the hard work and when some vulnerability emerges: it's "Linux's fault".
The devices are essentially throwaway and support is only token. But history tells us that most people will use a device until it falls apart, so billions of these insecure devices will be on the net, just waiting to be cracked. This is a serious problem for everyone and the web itself, not just the device owners. Domestic (disposable) routers given away by ISPs already tell us enough about this impending problem. You will still see today, if you scan for access points, many SSIDs being broadcast only supporting WEP or WPA (version 1). It's a safe bet that these are also running some ancient Linux kernel and other open source software with old vulnerabilities. Nothing is done about this - it's just the sole problem of the blissfully unaware user of that "appliance".
And it's getting worse, with smart TVs, and smart refrigerators and smart cars and smart vibrators. There are also "novelty" devices such as the Google "home". This "shiny stuff" sells, so they will sell it.
The definition between an "appliance" or "toy" and what is actually a "computer" with an OS installed is blurred in such cases.
Yes, I read this when it was first published and have to agree with it. Sadly he's stating the obvious, but not really providing enough detail of the underlying problem.
Consider his audience. I doubt that the typical NYT readers, even the most sophisticated, know enough about Linux to relate--maybe even to understand--your quite valid technical points.
I think they are a symptom of a larger problem: The managements who foster such a climate.