[clue-talk] the IPv6 dream is dead - more discussion fodder
Nate Duehr
nate at natetech.com
Tue Jul 1 16:32:35 MDT 2008
I always laughed when I saw comments that IPv6 was "needed" so that
"every appliance in your home could be network-connected".
It was always a commonly (even if tongue-in-cheek) example in
publications -- about why we needed massive address space in the 90's
boom days. And almost always in texts about IPv6.
Now here's a real-world example of why you DON'T want your coffee pot on
your corporate LAN: Someone could SCREW with your COFFEE.
Call out the National Guard! Puddles I tell you! Puddles!!!!
Nate
--------
MISCELLANEOUS
--Java Jive
(June 17, 2008)
Risk Advisory Services manager Craig Wright notes that his Internet
connected Jura Impressa F90 coffee maker has a number of software flaws
that could be exploited to change the brewing strength of the coffee,
change the amount of water used for each cup, possibly causing puddles,
and engineer incompatible settings that break the machine. Attackers
could also "gain access to the Windows XP system it is running on at the
level of the user."
http://www.securityfocus.com/archive/1/493387
http://it.slashdot.org/article.pl?no_d2=1&sid=08/06/17/1941200
[Editor's Note (Honan): On numerous occasions when working with clients
I have discovered issues with these type of devices that have undermined
the security of their network. Default passwords, misconfigurations and
unpatched operating systems can allow these devices be a point of attack
onto your network. So make sure you include them in your risk
assessment, vulnerability management process and protect them
accordingly.
(Veltsos): This past year many security researchers have been raising
the alarm about the vulnerabilities hiding in embedded devices. Many
such devices run trimmed-down operating systems (often Linux-derived),
come bundled with outdated or exploitable programs, and offer little or
no patching capability. As more devices become internet-capable, the
threat landscape expands into unconventional and often overlooked
devices, from coffee makers to fridges, from digital picture frames to
internet webcams.
(Kreitner): Finally, cyber security will get some attention when people
realize it could mess with their coffee. That's serious. Call in the
risk managers. Get on this right away.]
More information about the clue-talk
mailing list