On Mon, 3 Oct 2016, Lyndon Nerenberg wrote:
The only cure to this will be changing the law so that the directors of the companies that ship massively insecure devices like these are personally liable for all the financial loss attributed to their products. Bankrupt a few companies' board of directors and you'll start seeing things change in a hurry.
Manufacturers are global, and their distribution is global. Local, technical laws are difficult at best to get enacted, much less consistently and by 190+ countries. And even when technically-minded laws are implemented (see US Federal and State Do Not Call Lists) they are problematic and difficult to enforce when abuse may be coming from outside the US. And the tech usually is far ahead of the legislation. The common device through which all of these smart devices will pass is the router. Router manufacturers often build and sell larger big iron routers to ISPs, or ISPs are buying end-user routers from manufacturers and reselling to their customers. ISPs are motivated financially to avoid unwanted and "bad" traffic on their networks. The global ISP community is in the best position here to pressure their vendors to implement a standard on end-user routers which protects their networks from rogue and unsecured devices. The IoT manufacturers will need to follow standards that the router manufacturers implement to limit the negative impact of IoT devices if they want their devices on the network/Internet. When the standards are available to help protect the ISP networks at the end of the last mile from unwanted and fraudulently created traffic, and the ISPs pressure/demand the router manufacturers to implement the protections, IoT and other device manufacturers will fall in line. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------