
SoylentNews is people

posted by janrinok on Saturday January 07 2017, @06:27AM
from the something-desperately-needed dept.

The Federal Trade Commission announces

The Federal Trade Commission (FTC) is hosting a prize competition that challenges the public to create a technical solution ("tool") that consumers can use to guard against security vulnerabilities in software found on the Internet of Things (IoT) devices in their homes.

The tool would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.

The prize for the competition is up to $25,000, with $3,000 available for each [of three] honorable mention winner(s).

However, not only do the gov't workers not put ALL of the details on ONE page like people with normal intelligence, you also can't see the part of the page that contains the Registration and Submission link unless you have JavaScript enabled.

In their coverage, El Reg notes

Anyone who gets a genuinely good solution to this stuff won't need the $25,000 for long: they'll be scooped up by Silicon Valley in less time than it takes to say "elevator pitch".

Submissions for the [FTC] contest open on March 1, 2017 and close on May 22, 2017. Winners will be announced on July 27, 2017.

They also have a not-exactly-short list of IoT stuff that has already been pwned or has shipped with insecure configurations.

We can probably all agree that the current situation with insecure devices that can be hijacked and used as bots is unsatisfactory, but has anyone got any suggestions that would still enable a company to market secure devices while keeping the costs at a reasonable level?


  • (Score: 1) by RS3 (6367) on Saturday January 07 2017, @06:27PM (#450791)

    It's actually really really simple. You have to hire and pay a different grade of programmer, and you have to give them sufficient time to do the job. And that's not something they are willing to do. So much easier to wring your hands and put up bounty money for killer ideas. The ideas are there, the manufacturers just don't like them because they mean increased cost up front.

    I agree mostly with you in that really bad stupid short-term market-competitive greedy decisions are made, but not by engineers/programmers. I mean no flame or disrespect, but as an engineer (hw & sw) I get frequently offended when I hear, in common-speak, how something was badly designed by the engineers, programmers, etc.

    Engineers/programmers/designers just come up with ideas of how to get things done, how to solve problems, etc. It's up to usually greedy, competitive non-technical people to make the decisions about how much development, design review, QC, alpha/beta testing, safety, protection, etc., is designed in and done before pushing things out to market. This has been by far the biggest frustration of my career: non-technical (idiots) who mostly only see short-term $, but who have power (political and $) over design & manufacturing processes. Almost every time I've suggested a design improvement, safety concern, etc., at the least I've been met with "that's a great idea for the next rev., or product, but right now we 'gotta eat'" (exact words of the general manager of a now-gone company); I get labeled as a "trouble-maker", "complainer", "negative", etc. OK, those were speculative but for sure I've never gotten a response of "stop production - get this problem fixed", or "great idea - let's implement it now".

    I'm annoyed as I remember situations I've been involved in, as well as major failures such as Space Shuttles Challenger and Columbia, bridges, buildings, on and on, all traceable to non-technical idiots who just don't understand things, who overruled the wisdom and insight of the technical people. This is why we have all kinds of state and federal government agencies, rules, regulations, licensing, bureaucracy, forms, paperwork, etc. I just wish the news media would really zero in on the problem and blast it to the point where maybe even govt. would get involved. That's what happened with Space Shuttle Challenger, but of course, human nature being what it is, slowly over time NASA got lazy, schedule worry, cheaped out, and we had the Columbia disaster.

    Since we're already in this mess with so many insecure devices connected to the Internet, I think the only real way to fix this will have to be with the ISPs / backbone carriers. As much as we all hate censorship, at some point there are idiots causing so much trouble that we have to take significant action. I outlined earlier in this discussion how it is not possible to catch all IoT problems with a local customer device: an IoT thing could connect to someone else's/open WiFi and you can't filter that without a Faraday cage, etc. My only conclusion (so far) is that the ISPs will have to start inspecting and filtering.

    I do admin for a small hosting company where we use Verizon for ISP. It was OK at first 8 years ago, but Verizon has been increasingly filtering stuff and causing us problem after problem. They even threaten to cut us off if X, Y, Z. My point being: ISPs are willing to do active filtering and policing, so maybe make a law saying they have to detect and identify, and maybe block certain kinds of traffic, etc. At the very least some kind of mechanism that Internet Police can determine where (IP) DOS traffic is coming from so that it can be found and I can apply my 3-foot handle wire cutters.