Monday, December 28, 2015

IoT -- when cyber security is there but is wrong (RSI Videofied)

Kudos to RSI Videofied, a French company that makes surveillance devices, for thinking of cyber security (was there an option?) and actually executing the plan. The problem is that they'd be better off with no security, or with masquerade security, where you look like you have it but don't really -- more of a social engineering step to create a disincentive for script kiddies.

So it turns out the implementation is utterly broken. It reminds me of the "firewall" fallacy I hear so often: "but we have firewalls, we're safe".

Again, cybersec has many faces and aspects. It is a machine with multiple moving parts. Each part adds a bit on its own, but the real value comes when the machine is fully working and all parts are moving. On top of that, technical controls, such as the choice of encryption, can be complex and hard to get right. That seems to have been the case here.
