Another perspective from an author
Folks, I thought I would take a look at what some of your comments say, from a different angle:
(a) people *don't* have a separate LAN for managing their e-fridges, digital picture frames, etc.
(b) the laptops with embedded LOM happen to use the Starbucks WiFi AP
(c) the one engineer working on the embedded management interface for a particular device doesn't necessarily have a security background and has to finish the job *yesterday*
(d) ... shall we continue?
The problem is real, and is emerging only now (one of the reasons being cheaper networking HW and processing power, which allow embedding a small web server practically anywhere). We have to fix this one way or another. The people developing this software are not going to magically become security-savvy, and development schedules are not going to expand to allow for more security testing. What are you doing to help?
Biting the hand that feeds IT
