
Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    And we hate the electrical standards, because it means that I can't legally pull an Ethernet cable through my roof, and the guys who are legally allowed to do so charge excessively because of the overheads such schemes introduce.

    "Sorry, I don't have my open coding licenses, so I can't write a batch script to find ospp.vbs"


    There is a shared responsibility here I think. If the device is popped because the user didn't change the default credentials or changed it to something that can be easily guessed, that's not the manufacturer's fault.

    Bring in a penalty system for manufacturers, or force recalls like cars (hooray, car analogy), and the shit manufacturers will quickly fall by the wayside.
     
  2. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,562
    ROFL you sound like a true F5 guy.
     
  3. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,562
    nobody is interested in inspections and penalties for 1-100 dollar widgets (let alone the practicalities)
     
  4. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    44,857
    Location:
    Brisbane
    Valid criticism. But how many house fires have been prevented courtesy of the same anally-retentive laws preventing dickheads from running shoddy 240V cabling?

    I know restrictions are painful for those who have a clue. But I dare say we're entering an era where the clueful outweigh the clueless by dangerous numbers. Again, take a look at this Mirai-powered botnet. You're talking about a network where 10% of its available power was enough to impact some serious infrastructure for a decent amount of time. Consider the impact of 100% of that force concentrated on a single point.

    And as someone mentioned above, consider what that could be used for. As a nuisance it's merely first world problems. But applied to something like the stock market, and there's an opportunity to really knock some businesses and/or markets around.

    This whole thread is a collection of anecdotes that all boil down to "some unqualified twat made a call on something they shouldn't have". Whether that's indirectly like on where money should have been spent, or something direct where it was a line of code written or a system configured in a particular way. These 1251 pages so far have documented the collective frustrations of just a handful of folks who have witnessed countless times where someone way out of their depth was allowed to do something really stupid.

    Would regulations slow us all down? Heck yeah. And maybe that's a good thing. I certainly feel a lot better when bridges and buildings are made slower and more expensive, but don't fall down. Maybe it's time software and IT was treated with the same caution.
     
  5. Dre_

    Dre_ Member

    Joined:
    May 25, 2014
    Messages:
    841
    Sure you can blame manufacturers, it's very simple.

    Routers from Optus have unique SSIDs and passwords which are on small stickers under the unit. Why would any IoT device be any different? Make the user change the username and password on first use.
    But, they don't do that because it'll cost them too much in support calls from clueless users.

    They can do something, they just choose not to do anything.
     
  6. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    44,857
    Location:
    Brisbane
    I've seen a few threads on OCAU in recent months where people are up in arms over commercial entities being "arseholes" (the Jaycar/Freetronics thread comes to mind here too). Ultimately for them business is just a commercial venture, and what some people see as "bad behaviour" is just companies being nothing more than heartless money making machines, which is what capitalism is at its core.

    The only way to change their behaviour is to make something not cost effective. Either their products need to be blocked for sale if they're not safe enough to use, or consumers need to pay more for better devices and lead by example.

    That's not to say that either of those tasks is trivial (again, I firmly believe that even identifying a "good" or "bad" IoT product is so far outside the reach of 99% of the population it's not funny), but ultimately there will be zero change unless there's financial incentive for the people making these products to change.
     
  7. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,083
    Location:
    Sleepwithyourdadelaide
    The problem with that method is they all use the same firmware, hence that default password is almost certainly generated by the firmware. If they use the MAC address as the seed (as most do) then I can crack it.

    E.g. you can poll the MAC address without knowing the wifi password, download a firmware update from their website, load it up in IDA and then pull the generation code out of it, voila now you have a "keygen" for the default wifi password.

    I did this to my neighbour's Belkin router, which uses the same generation code for all models from 2007 to 2013.

    A few easy fixes, e.g. forcing them to change the password, or not using the MAC address as the seed. Seems even big companies still get this wrong.
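
The two fixes named in the post above (a forced change, and a default that is not seeded from the MAC), as an added example that is not part of the original post or any vendor's code. `mac_seeded_default` is a constructed stand-in for a MAC-derived scheme; every function name, the alphabet and the sample MAC are assumptions.

```python
import hashlib
import math
import secrets

# Label-friendly alphabet without look-alike characters (constructed for this example).
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"

def mac_seeded_default(mac: str) -> str:
    """Hypothetical weak scheme: the password is a pure function of the MAC."""
    digest = hashlib.sha256(mac.lower().encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:10])

def provisioned_default(mac: str, length: int = 16) -> str:
    """Factory-side scheme: CSPRNG output that ignores every device identifier."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def is_derivable(generator, mac: str) -> bool:
    """QA check: if the same public input yields the same password twice,
    anyone holding the firmware and the MAC can reproduce it."""
    return generator(mac) == generator(mac)

def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random password of this length over ALPHABET."""
    return length * math.log2(len(ALPHABET))

class Device:
    """Minimal model of a device that forces a change at first login."""
    def __init__(self, mac: str, generator):
        self.mac = mac
        self.password = generator(mac)
        self.must_change = True

    def set_password(self, new: str) -> None:
        # Reject reuse of the shipped default and anything too short.
        if new == self.password or len(new) < 12:
            raise ValueError("new password rejected")
        self.password, self.must_change = new, False

    def services_enabled(self) -> bool:
        # Remote services stay off until the default has been replaced.
        return not self.must_change

if __name__ == "__main__":
    mac = "AA:BB:CC:00:11:22"  # constructed sample value
    for gen in (mac_seeded_default, provisioned_default):
        print(gen.__name__, "derivable from MAC:", is_derivable(gen, mac))
    print("bits in a 16-char random default:", round(entropy_bits(16), 1))
```

The derivability check is the kind of test a manufacturer could run in QA before a firmware build ships.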
     
  8. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    44,857
    Location:
    Brisbane
    Big or small, it doesn't matter. There's no financial incentive for them to change.

    Conversely, there's plenty of financial incentive to not change. Immediately, they save money not implementing smarter technology or hiring smarter people. Medium term, if a device is compromised, the only fix is for the consumer to throw it away and buy a new one. Designed obsolescence through poor security.
     
  9. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    10,181
    Location:
    Briz Vegas
    Just create an anti botnet that changes default passwords to super complex long ones to discourage the nasty hackers.
     
  10. Foliage

    Foliage Member

    Joined:
    Jan 22, 2002
    Messages:
    32,083
    Location:
    Sleepwithyourdadelaide
    Then they will all press the reset pin and you get a guaranteed default password. :lol:

    Seriously though that is a good idea.
     
  11. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    44,857
    Location:
    Brisbane
    I'm pretty sure the "botnet to fight a botnet" idea has been tried at least once, and worked to boot. From memory the last time it was used, it merely shut down infected devices (rather than making permanent changes).
     
  12. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    They do inspections and penalties for 1-100 widgets that plug into electricity... Why should Network devices be an insurmountable barrier?

    Any pre-baked creds, "unique" are generated, you could probably have someone (or something) boot them up and write a password out that is generated from something not on the device, but this would add expense... so all manufacturers would be forced to do it, otherwise, the ones that don't would be cheaper, and dominate the market. Requiring them to be changed by the user just results in "password" being the password.

    There are no financial disincentives for shipping shit, and the market rewards the cheapest products... so until one or both of these things change, I just don't see the status quo changing any time soon.

    I remember Welchia patching Blaster... good old Worm-Wars :).
     
  13. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,834
    Location:
    elsewhere
    The whole concept of IoT devices is broken. I mean, take these ridiculous internet connected fridges. You buy a fridge you expect that thing to last what, 20yrs? 20yrs, with some cheap skinned android tablet stuck in the front of it. Even if the company was determined to do the right thing, how are you going to keep that secure and functional over that time period? You can't. It'd be a struggle over 10yrs. Who is going to spend $3K+ on a fridge and then have to replace it in 5-10yrs because it's now part of a botnet doing the bidding of some hostile nation state?
     
  14. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    Isis can now check if infidels are actually infidels, via checking for

    Code:
    Fridge Has Bacon = True

    With Australian consumer law, I guess it comes down to if your fridge being owned by Isis is a fault or not, and if it is, will they fix it, or just not sell in Australia anymore, à la Steam.
     
  15. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,387
    Location:
    Brisbane
    The bigger question is why the fuck does my fridge need the internet in the first place?

    They can't automatically order milk and bacon for me - so who the fuck cares.

    I mean watching porn whilst I make some eggs is nice, but it doesn't really add value to my life.
     
  16. hosh0

    hosh0 Member

    Joined:
    May 28, 2007
    Messages:
    8,971
    Location:
    Sydney N.S.W

    Don't act like we all haven't seen a mission critical program or piece of hardware that is like 20 years old!


    Excellent, joke's on them! I've renamed my bacon to now be referred to as FlavourAwesomisingGiftFromTheGods. That's also my password.
     
  17. hosh0

    hosh0 Member

    Joined:
    May 28, 2007
    Messages:
    8,971
    Location:
    Sydney N.S.W
    Well that's the plan right is over time. They could order your pre-selected items for you. I remember ages ago watching a demo of how this all could one magical day work, problem is you have to start somewhere and without full feature set.
     
  18. itsmydamnation

    itsmydamnation Member

    Joined:
    Apr 30, 2003
    Messages:
    10,697
    Location:
    Canberra
    Hate to be the guy whose fridge just ordered by error 70,000 bottles of milk :)
     
  19. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,387
    Location:
    Brisbane
    The problem is we've just introduced a zillion more device classes that will be supported even less.

    It's one thing that every camera system and HVAC system hasn't been updated since they put it in 10+ years ago, because usually there isn't much benefit putting these on the web.

    Start making everything internet enabled, mix in IPv6? Armageddon guaranteed.
     
  20. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,100
    Location:
    NSW
    I agree, our biggest issue is the young mum who buys a web cam for her child so she can watch them from the web app, that nicely shows her how to open it up to the general web and be accessible from outside of her own network, and also promptly forgets to get her to change the password and leave it as admin/admin.

    Just because you can doesn't mean you should.
     
