The Federal Trade Commission announces
The Federal Trade Commission (FTC) is hosting a prize competition that challenges the public to create a technical solution ("tool") that consumers can use to guard against security vulnerabilities in software found on the Internet of Things (IoT) devices in their homes.
The tool would, at a minimum, help protect consumers from security vulnerabilities caused by out-of-date software. Contestants have the option of adding features, such as those that would address hard-coded, factory default or easy-to-guess passwords.
The prize for the competition is up to $25,000, with $3,000 available for each [of three] honorable mention winner(s).
However, not only do the gov't workers not put ALL of the details on ONE page like people with normal intelligence, you also can't see the part of the page that contains the Registration and Submission link unless you have JavaScript enabled.
In their coverage, El Reg notes
Anyone who gets a genuinely good solution to this stuff won't need the $25,000 for long: they'll be scooped up by Silicon Valley in less time than it takes to say "elevator pitch".
Submissions for the [FTC] contest open on March 1, 2017 and close on May 22, 2017. Winners will be announced on July 27, 2017.
They also have a not-exactly-short list of IoT stuff that has already been pwned or has shipped with insecure configurations.
We can probably all agree that the current situation with insecure devices that can be hijacked and used as bots is unsatisfactory, but has anyone got any suggestions that would still enable a company to market secure devices while keeping the costs at a reasonable level?
Wire Cutter (Score:1)
My submission: wire cutters.
But seriously, if you have an IoT thing with an internal surface-mount ceramic resonator antenna, which most things do now, and you live where there is free WiFi / mesh networking that is out of your control, no external device can fix the problem. You'd have to build a Faraday cage around the thing, or your whole apt. / house. But I'm sure I'm missing something...
Norton Core (Score:0)
https://www.symantec.com/about/newsroom/press-releases/2017/symantec_0103_01 [symantec.com]
Network intrusion detection, with automatic updates, in a wi-fi router.
Default configuration (Score:2)
Are secure default configurations really so much more expensive than insecure ones?
