[Discuss] seminar Thursday June 26: Jim Gettys on "(In)Security in Home Embedded Devices"

[tmetro+blu at gmail.com (Tom Metro)]

Jim Gettys has given talks locally for BBLISA (on bufferbloat) and IoT
Fest (same topic as below), and usually has good content.

 -Tom


-------- Original Message --------
Subject: [GBC-ACM] upcoming seminar Thursday June 26: Jim Gettys on
"(In)Security in Home Embedded Devices"
Date: Mon, 23 Jun 2014 20:52:32 -0400
From: Peter Mager

[...]

IEEE Computer Society and GBC/ACM

7:00 PM, Thursday, 26 June 2014

MIT Room E51-325

(In)Security in Home Embedded Devices

Jim Gettys

We now wander in Best Buy, Lowes and on Amazon and buy all sorts of
devices from thermostats, hi-fi gear, tablets, phones, and laptops or
desktops as well as home routers to build our home networks. Most of
these we plug in and forget about. But should we?

"Familiarity Breeds Contempt: The Honeymoon Effect and the Role of
Legacy Code in Zero-Day Vulnerabilities", by Clark, Fry, Blaze and Smith
makes clear that ignoring these devices is foolhardy; unmaintained
systems become more vulnerable, with time.

Structural issues in the market make the situation yet worse, as pointed
out in Bruce Schneier's Wired editorial in January: "The Internet of
Things Is Wildly Insecure And Often Unpatchable", which I instigated and
fed Bruce the ammunition. "Binary blobs" used in these systems have the
net effect of "freezing" software versions, often on many year old
versions of system software. Even if update streams are available (which
they seldom are), blobs may make it impossible to update to versions
free of a vulnerability.

There are immediate actions you can personally take, e.g. by running
open source router firmware in your network, but fixing this problem
generically will take many years, as it involves fundamental changes and
an attitude change in how we develop and maintain embedded systems, and
hardest, changes in business models to enable long term support of
popular hardware.


About Jim

Jim Gettys is an American computer programmer. He coined the term
"bufferbloat" and has organized efforts to combat it in the Internet
(see gettys.wordpress.com), and has been working on home routers. He was
the Vice President of Software at the One Laptop per Child project,
working on the software for the OLPC XO-1. He is one of the original
developers of the X Window System at MIT and worked on it again with
X.Org, where he served on the board of directors. He previously served
on the GNOME foundation board of directors. He worked at the World Wide
Web Consortium (W3C) and was the editor of the HTTP/1.1 specification in
the Internet Engineering Task Force through draft standard. Gettys
helped establish the handhelds.org community, from which the development
of Linux on handheld devices can be traced.



This joint meeting of the Boston Chapter of the IEEE Computer Society
and GBC/ACM will be held in MIT Room E51-325.  E51 is the Tang Center on
the corner of Wadsworth and Amherst Sts and Memorial Dr.; it's mostly
used by the Sloan School. You can see it on this map of the MIT campus.
Room 325 is on the 3rd floor.

Up-to-date information about this and other talks is available online at
http://ewh.ieee.org/r1/boston/computer/. You can sign up to receive
updated status information about this talk and informational emails
about future talks at http://mailman.mit.edu/mailman/listinfo/ieee-cs,
our self-administered mailing list.

We  will be taking Jim out  for a light dinner at Westbridge after the
meeting at around 9 pm.  Please rsvp to p.mager at computer.org if you
want to join us so we can make the appropriate reservation.
There are still places available at the gbc/acm R seminar
<http://www.gbcacm.org/pds/2014R/index.html> on Saturday.  Use the
discount code BIGDATA for $100 off the registration fee if you decide to go.
_______________________________________________
To subscribe or unsubscribe to this list via the web, go to
http://mailman.mit.edu/mailman/listinfo/gbc-acm
or see the List headers at the top of this message to do so by E-Mail.