Comment Re:List of Vulnerable IoT devices? (Score 1) 48

Is there a reputable and updated list posted anywhere?

Not that I have found. That would be too much work for not enough online ad exposures.

Right now the only IoT type devices I have connected are a Buffalo router (DD-WRT out of the box).

Not sure if Buffalo is good about not putting in backdoors. Check that busybox is over v1.20.0. If not, see if you can upgrade (maybe to OpenWRT), or set "domain" and "hostname" to hardcoded values before they get used in udhcpc/default.script or whatever script udhcpc first runs... though that may be a bit paranoid if your ISP is good about not letting users see each other's DHCP traffic. (There are a couple of other options also affected, but they are likely not used by DD-WRT.)

No clue on the Ooma.

Perhaps we could add features to DD-WRT and similar that look at our usage patterns, and notify us when it sees a usage pattern that just seems odd.

That's harder than it sounds... usage patterns depend a lot on server side code that can change anytime the vendor pleases, and cloud services are always moving around these days.

Comment Re:Consumer protection (Score 2) 48

Could there be no way for consumers of IoT to secure their own devices?

If they cannot be arsed to change the default passwords, thinking they'd bother with running such an app is fantasy. And that's how these botnets spread.

Many of these articles seem to implicate a "bug in busybox" or "bug in telnet", but they do not describe any activity consistent with exploiting CVE-2011-2716. At most the articles might suggest elevation of privileges after getting in via a default password, perhaps via CVE-2013-1813, but probably just due to busybox not originally having been intended as a multiuser runmode so such holes are more likely to be present there.

The "bug" seems to be just journalists not understanding that a default password is not the same thing as a software bug, nor is the language or platform/OS on which malware is targeted at fault for running a program written for it.

Anyway, since vendors seem to only find it economically viable to make these should-be-local devices totally reliant on overcomplicated cloud services, or even just like to leave hardcoded test accounts on them, and many of the devices contain closed SoC/peripherals so there's no equivalent of OpenWRT for them, even enthusiasts cannot really secure them easily enough to maintain any enthusiasm for the product. They'll end up cutting the feet of some shoeless child in a 3rd world landfill as soon as their manufacturer goes bankrupt or abandons the product line.

Incidentally, if you have an old busybox and you can alter the udhcpc default script and prevent the use of DHCP-acquired hostname/domainname etc., that might be worth the effort if you cannot just reasonably upgrade it.
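The two comments above both suggest the same mitigation for a pre-1.20.0 udhcpc: do not let DHCP-supplied hostname/domain values reach the rest of default.script unchecked, or replace them with hardcoded values. The script below is an added example, not code from the original posts, from DD-WRT, or from BusyBox. It assumes udhcpc has exported the DHCP options into the environment as `$hostname` and `$domain` before running the script; the fallback names `router`/`lan`, the function names, and the hostile sample payload are all hypothetical and constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original comments, DD-WRT, or BusyBox):
# validate DHCP-supplied names before any later part of default.script
# uses them, falling back to hardcoded values on anything suspicious.
# Assumption: udhcpc exports option 12 as $hostname and option 15 as $domain.

# Accept only characters legal in a DNS name: letters, digits, '-', '.'.
# Rejects empty input, leading/trailing/doubled dots, shell metacharacters,
# whitespace, and anything longer than 253 characters.
dhcp_name_ok() {
    case "$1" in
        '' ) return 1 ;;
        *[!A-Za-z0-9.-]* ) return 1 ;;   # any metachar, quote, space, $, ;, etc.
        .* | *. | *..* ) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# Print the DHCP value if it validates, otherwise the hardcoded fallback ($2).
safe_dhcp_name() {
    if dhcp_name_ok "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$2"
    fi
}

# Hardcoded values this box should use when the server-supplied ones are bad
# (hypothetical names chosen for the example).
FIXED_HOSTNAME="router"
FIXED_DOMAIN="lan"

# Constructed sample of a hostile DHCP option 12 payload, as a rogue DHCP
# server on a shared segment could send it.
HOSTILE='evil;touch /tmp/pwned'

# Build the resolv.conf "search" line from a (possibly hostile) domain value.
build_resolv_conf() {
    d=$(safe_dhcp_name "${1:-}" "$FIXED_DOMAIN")
    printf 'search %s\n' "$d"
}

# Build the hostname line from a (possibly hostile) hostname value.
build_hostname_line() {
    h=$(safe_dhcp_name "${1:-}" "$FIXED_HOSTNAME")
    printf '%s\n' "$h"
}

# Stand-alone demonstration using whatever udhcpc put in the environment
# (empty when run by hand, so the fallbacks are used).
build_resolv_conf "${domain:-}"
build_hostname_line "${hostname:-}"
```

Drop the two functions at the top of your default.script and route every use of `$hostname`/`$domain` through `safe_dhcp_name`; if you would rather ignore the DHCP values entirely, as the comments suggest, call it with an empty first argument so the hardcoded name always wins. A rejected value is never echoed or logged unquoted, so the script has nothing to reinterpret even if a rogue server on a shared ISP segment sends shell metacharacters.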

Comment Re:Nepotism? (Score 1) 227

No, a scientific approach would realize that it's necessary to throw random genomes at a problem in perpetuity or you'll stagnate at a local minimum... and that investing in such a program is only helpful in that it generates data to be analyzed decades down the road when in-place gene editing has reached an adequate level of safety.

Comment Re:She did nothing wrong (Score 1) 356

A lot of people are pushing the story that she was ignoring any arguments for the pipeline and soliciting opinions to build a case against the pipeline.

She's covering the protests and the treatment thereof by authorities (and those who are using force against them perhaps without the authority to do so.) The protests are her story, not the entire issue.

Yes, her coverage has been biased in that she's only interviewed the protesters, but at the same time, if you are covering a fire, you don't have any obligation to seek out people who thought the building in question was ugly and we're better off with it gone (unless there is a reason to suspect they were involved.) You just cover the actual fire -- when the firetrucks pulled up, how much of it is under control, and were there any people in the building.

Comment Re: Too Late (Score 4, Insightful) 394

I was kinda torn when all this sex stuff started coming out. I stopped even considering voting for Trump before the campaign even started, when he was jumping around cable stations with the birther nonsense, but even had he not exposed himself as a huckster that way, I would have disqualified him when the Trump University story surfaced... and never looked back, because nothing they've dug up on Clinton is more than just run-of-the-mill political favoritism, which we've survived as a nation for practically all of our history. But then the hits just kept on coming against Trump -- the anti-intellectualism, the continued appeal to the worst parts of his supporters' nature, the charity frauds, the compulsive blatant lying, the complete lack of experience or understanding.... on and on and on with reasons not to vote for this farce.

But since I figured Trump University should have kept him from even being nominated by the Republicans, much less polling well in the general, one part of me wanted to say "Really, you were all set to vote for a guy who ran con schemes to steal money from rank and file regular people until some sex stuff came up? That's what it took?" (And incidentally, if he were really as rich as he says, then the only reason he'd even have done Trump University is out of some perverse P.T. Barnum source of sadistic amusement... take your pick: he's either lying about his money, or an economic psychopath.)

But on the other hand, the degree of offense evident in the sex material and the overall tone of that campaign towards women is so atrocious that the other part of me is like, well, on balance it may be one of the biggest, steamiest turds on the pile. So even though it took the public so friggin long to realize just how awful Trump is, at least they ended up fixating on one of the more compelling reasons.

Comment Re:Stupid (Score 1) 1042

Look, when you're undergoing a seriously dangerous brain transplant surgery, you can't be picky about the VR environment the medics pop you into, OK? They've got weightier things on their hands than simulating real people, and if some corners have to be cut by making a bunch of bland mannequins who never look up from their cell phones, that's just the breaks. Do you want literature, or do you want your motor cortex competently wired up... your choice.

Comment Re:The scam fell apart..... (Score 1) 212

Heh. I actually reported one of these to the appropriate two websites earlier this week, and when I read the headline I was like "well, that was fast" :-). Then I found another on my voicemail. So... apparently not the same ones. Well, maybe they are clearing the foreign competition away to allow domestic conmen to prosper under an anticipated Trump administration.
