Should the Internet of Things Be Regulated?

There’s a big problem with little devices on the Internet. A lot of them have really sloppy security. They have default passwords which require extra effort to change. Some have their own Web servers for no fathomable reason, and others have unsecured Wi-Fi connections. People install them with very little thought and no configuration.

These devices are vulnerable to attacks that take them over remotely, incorporating them into botnets. The October 21 attack on Dyn’s DNS servers made many websites unreachable for a large part of the day. The attack came from thermostats, refrigerators, security cameras, and light bulbs. It’s like an episode of The Twilight Zone.
Continue reading Should the Internet of Things Be Regulated?


The real problem exposed by the Cloudflare leak

The reporting about the Cloudflare leak had me puzzled. Apparently reliable reports said that its parser bug had leaked customer sites’ HTTPS data, including passwords. My immediate reaction was to wonder how this was even possible. You can’t pull data out of someone else’s HTTPS transactions without their private key. I asked about this in a comment on a Dreamwidth post that raised the matter, and was told I was being “belligerant” by asking. Hmm … At least one IT person doesn’t want me asking. Something interesting must be going on.
Continue reading The real problem exposed by the Cloudflare leak