A WiFi-connected tea kettle, the iKettle, was recently tested by Pen Test Partners and found severely lacking, spewing forth WiFi access codes for encrypted networks to unencrypted clients with just a few tricks. As reported by geek.com:
Ken Munro, a researcher at Pen Test Partners, recently took to the stage in London to show off what he and his co-workers discovered. Their mark was the iKettle, which was proclaimed "the world's first WiFi kettle" by its creators on the crowd-funding site Firebox.
He was able to trick the kettle into connecting to an unencrypted WiFi network just by giving it the same name as the encrypted network it was originally connected to and using a directional antenna to make sure the signal was loud and clear. Once they'd hijacked the wireless connection, Munro and his partner were able to convince the iKettle to spill the key for the encrypted network.
All it took was two little commands sent via Telnet. And being the helpful little kettle that it is, it even handed Munro the key in plain text.
Original Story: http://www.geek.com/news/connected-kettles-found-brewing-up-security-problems-1637249/
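A defender-side check for the downgrade described above, as an added example that is not part of the original story or the researchers' work: it flags any network name that a Wi-Fi scan shows advertised both encrypted and open. The scan records, field names and trusted-BSSID list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scan results (not real captures); field names are assumptions.
SCAN = [
    {"ssid": "HomeNet", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2-PSK", "signal_dbm": -58},
    {"ssid": "HomeNet", "bssid": "02:00:00:00:00:99", "security": "OPEN", "signal_dbm": -31},
    {"ssid": "CafeGuest", "bssid": "aa:bb:cc:00:00:02", "security": "OPEN", "signal_dbm": -70},
    {"ssid": "Office", "bssid": "aa:bb:cc:00:00:03", "security": "WPA2-PSK", "signal_dbm": -62},
    {"ssid": "Office", "bssid": "aa:bb:cc:00:00:04", "security": "WPA2-PSK", "signal_dbm": -66},
]

# Hypothetical allowlist: SSID -> BSSIDs the network owner actually operates.
TRUSTED = {
    "HomeNet": {"aa:bb:cc:00:00:01"},
    "Office": {"aa:bb:cc:00:00:03", "aa:bb:cc:00:00:04"},
}


def find_suspect_aps(scan, trusted):
    """Flag access points that reuse an encrypted network's SSID suspiciously."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        encrypted = [ap for ap in aps if ap["security"] != "OPEN"]
        if not encrypted:
            continue  # open by design: there is no encrypted network to imitate
        best_encrypted = max(ap["signal_dbm"] for ap in encrypted)
        for ap in aps:
            reasons = []
            if ap["security"] == "OPEN":
                reasons.append("open twin of encrypted SSID")
            if ssid in trusted and ap["bssid"] not in trusted[ssid]:
                reasons.append("BSSID not in trusted list")
            # A same-name AP that is louder than every encrypted one matches
            # the strong-signal detail in the report.
            if reasons and ap["signal_dbm"] > best_encrypted:
                reasons.append("stronger than every encrypted AP")
            if reasons:
                findings.append({"ssid": ssid, "bssid": ap["bssid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_aps(SCAN, TRUSTED):
        print(finding["ssid"], finding["bssid"], "; ".join(finding["reasons"]))
```

A client that only ever joins a saved network with the security type it was saved with would not follow the open twin at all; the scan check is for spotting the imitation from the outside.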
(Score: 2) by NCommander on Wednesday October 21 2015, @02:44PM
Even though it would shaft me personally if that were true in the United States, I generally agree. I don't list an education section on my resume, nor do I list any certifications aside from my EMT-basic cert, (old) Firefighter 1, and my ham radio cert (once the FCC finally gets around to issuing it).
I also hope no one reads this as a slight to anyone who identifies as a "programmer". The difference between a programmer and an engineer is a programmer can make something work, and be awesome by creating whatever they can imagine. Software engineering is the thankless job of making sure it works 99.99% of the time, meets specification, and won't eat children. Most people do both to some extent, but most lean towards the former, and not the latter.
The fact is at least in the United States, software engineering as a true discipline doesn't even exist, and given it's been around since World War II, I doubt that's going to change anytime soon; it's just cheaper to continue with status quo. We kludge around it by requiring certification of stacks for healthcare and similar, but I'm not aware of any type of software engineering certification (in general) that approves you to do SE work. It may have changed since 2008, but computer science at my college deals with basically programming 101, and a lot of theory, and algorithms, and design considerations are at best footnotes. For recent college grads, I've yet to see something resembling the skills you actually need to build a fault reliable system; I have to go into resumes and drill on the interview to even know if a person is thinking along those lines.
I'll note that the fact that most people believe C is suitable for anything beyond "portable assembly", and C++ is suitable for anything*, says plenty about the field.
You have to have a certain mindset to even approach this work, and you either get it through experience, or getting it drilled into your head repetitively. I've done a lot of work to actually fix design issues with this site so it can survive sudden server existence failure (and multiples depending which ones go down) which is why our uptime is absurdly good. My attitude towards software engineering has rubbed off on most of the team.
* - No, I don't like C++. I've been told C++14 fixes plenty, but that's a discussion for another time. I'm happy to discuss this point at length; I love a good debate (that's open to anyone, but be prepared to cite sources and defend your position). Not just one sentence answers.
Still always moving
(Score: 3, Informative) by NCommander on Wednesday October 21 2015, @02:55PM
Hrm, I decided to check after posting that. Wikipedia on the topic:
Need to change the resume, and look up the requirements of that professional engineer exam. Ah well, something to work towards \o/
Still always moving