[perpass] Minimal benefit from perimeter protection (was: Re: US intelligence chief says we might use the IoT to spy on you)
Dave Crocker <dhc@dcrocker.net> Thu, 11 February 2016 16:42 UTC
To: perpass <perpass@ietf.org>
References: <D2E1E4F0.3C6A1%harper@isoc.org> <946B2223-C0BD-4AFE-AE76-99478609104F@vigilsec.com> <56BCA55E.2020205@cs.tcd.ie>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <56BCB9F8.4090503@dcrocker.net>
Date: Thu, 11 Feb 2016 08:42:32 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/JUMJqt6OTI7CNG9fLc95Q-5st5o>

On 2/11/2016 7:14 AM, Stephen Farrell wrote:
> On 11/02/16 15:02, Russ Housley wrote:
>> http://www.theguardian.com/technology/2016/feb/09/internet-of-things-smart-home-devices-government-surveillance-james-clapper?CMP=share_btn_fb
>>
>>
> Yeah, that's a shocker eh;-(

In terms of privacy, it is worth treating statements about likely exploitation for attacks as merely one more basis for increasing protections.

Until recently, I'd assumed that the IOT devices in a home could be isolated from the devices under more classic control, such as personal computers. That is, since a user does the regular administration of their computer, its safe operation is likely to be more predictable, whereas all those IoT-ish devices are likely to be more vulnerable. So set up a barrier (firewall) between them.

It's increasingly clear that a) a firewall isn't really possible, given the extent of interoperation needed among /all/ the devices in a home, and b) none of the classic consumer devices (pc/laptop, tablet, whatever) are as much under user control as one would like to think. [1, 2]

Simply put, we need to design protection mechanisms on the assumption that every single device is being told by outsiders (vendors, attackers, whoever) to obtain and report data we might wish them not to.

There's no safe island.

d/

[1] http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/
[2] http://arstechnica.com/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/