Is Mr. Bumble running these IOT outfits
It's depressing to see how many IOT outfits are run by imbeciles that make your average PHB look like a genius. Do any of these idiots talk to anyone who knows anything about computer security? It appears not.
Siemens has issued a security patch for CCTV cameras that cough up their admin passwords to remote attackers. The cameras are now sold by Vanderbilt Industries, which acquired the camera business unit from the German industrial giant in 2015. The security bug lies in the web server in the gadgets' firmware, and is present in …
Do any of these idiots talk to anyone who knows anything about computer security?
Of course not. The short-sighted bean counters that run these companies see security as an unnecessary expense that just increases costs and hurts their profits and dividends.
No, just realtime embedded development at its "business as usual" setting. It is, unfortunately, not Mr Bumble, it is his staff.
They have a brain rotting disease known as realtime embedditis. The primary symptom is an uncontrollable urge to take on the OS in hand to hand combat and run everything in real-time, because if you miss an interrupt or a frame somewhere the world will end and the lamb will break the seventh seal.
So everything has to be re-invented and no component can be used off the shelf because, oh my god, the off the shelf stuff does not have this precious 0.0005% optimization and it is not running in realtime as a part of one giganto-monolithic statically linked blob. It is running as a separate process? There is an IPC? It is written in Lua? It uses components from a well-established framework like OpenWRT? It is not using DIY encryption and "my special supercrypto"? The world has ENDEEEEED, run for the hills.
This cannot be helped - it comes with the territory in embedded land. We will see it for a couple of decades at least until the current crop of numpties dies out.
They have a brain rotting disease known as realtime embedditis. The primary symptom is an uncontrollable urge to take on the OS in hand to hand combat and run everything in real-time, because if you miss an interrupt or a frame somewhere the world will end and the lamb will break the seventh seal.
So everything has to be re-invented and no component can be used off the shelf because, oh my god, the off the shelf stuff does not have this precious 0.0005% optimization and it is not running in realtime as a part of one giganto-monolithic statically linked blob
Whilst I am not denying that there might be some truth in that, I think it is a bit unfair. Embedded devices often do have quite a few resource constraints (not just CPU, but also image size and available RAM) that may render much off the shelf stuff unsuitable.
It is understandable that someone might think that, given the limited functionality required, writing it from scratch might be a better option than an off the shelf module that is either overcomplicated for the requirements, too expensive, or both.
Of course if they choose to write their own, they should pay more attention to security. And we all know that they rarely do.
It just clicked. Every time I unbox some bit'o'kit, out falls a postcard or envelope to post to "register your product". I've always chucked those away as useless and with the downside that I'd start receiving _more_ unwanted postal advertising directly from manufacturers and resellers.
But Mark 85 has opened my eyes. If we all returned those registrations we could be posted warnings whenever a past purchase needed to be patched. If we also added email addresses the warnings could be timely! Isn't this just wonderful?
And given the frequent need for these notifications, that would enable the added-in advertising in these important communications. And with such engendered warm feelings for the caring and responsible manufacturers, surely we would welcome each packet of love.
Why did the rose-colored lenses in my glasses just shatter? Hmm, let me go look in my mailbox...