Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vint Cerf: CS Programs Must Change To Adapt To Internet of Things

Posted by samzenpus on from the get-to-learning dept.

chicksdaddy (814965) writes "The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google's Internet Evangelist. Cerf, speaking in a public Google Hangout (video) on Wednesday, said that he's tremendously excited about the possibilities of an Internet of billions of connected objects. But Cerf warned that it necessitates big changes in the way that software is written. Securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – one that the nation's universities need to start addressing. Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices."

9 of 163 comments (clear)

  1. They can teach whatever they want. by Anonymous Coward · · Score: 5, Insightful

    But until lawsuits make fixing things more affordable than ignoring the gaping holes, you're going to be playing guinea pig. That's just the free market at work.

    1. Re:They can teach whatever they want. by Cryacin · · Score: 5, Interesting

      This. A thousand times This. I have been in meetings where security has explicitly been regarded as irrelevant, where one way encrypting passwords from plaintext on the client is irrelevant, and where we can trust our employees to always do the right thing with all of our users passwords, and "what could they do with the passwords that is outside of our irrelevant application" was bandied around the room as acceptable.

      They should not be teaching the importance of such things to CS students, but much rather to the MBA's and BBus students. It's not the knowledge of the need for security amongst those that build, but the desire to pay for it from Management.

      --
      Science advances one funeral at a time- Max Planck
    2. Re:They can teach whatever they want. by mlts · · Score: 4, Insightful

      Nail, head, hit. Even if someone had a device that had obvious security failings that were unfixable, the EULA/TOS by opening it up and turning it on would ensure that lawsuits would not proceed (either by forcing arbitration, or just a clause stating that it isn't their fault, no matter what.)

      I have no interest in IoT. Realistically, what has to be on the Internet all the time and take commands? Why do we need to give devices full exposure if it isn't needed?

      If someone wants status messages from devices, why not just have devices communicate via BlueTooth to a log box, and said log box present the data to where it needs to go? This would force an intruder to have to hack that core box, then use BlueTooth weaknesses to jump to actual devices, rather than just run scripts blindly and hope someone's widget shows up.

  2. Stupid by hsmith · · Score: 5, Insightful

    You teach core and theory and you apply it to whatever the current fad is. It is preposterous for a computer science program to be geared directly to some "thing" that is currently popular or will be.

    College is about learning theory and how to apply it, it isn't a vocational program.

    1. Re:Stupid by bmo · · Score: 4, Insightful

      College is about learning theory and how to apply it, it isn't a vocational program.

      When you have a $100k bill to pay off that you can't escape through bankruptcy, you'd better have some way to pay it off. When you have a trillion dollar debt problem based upon this (see previous slashdot headlines) you have what they call a "real problem."

      What you say is a nice sentiment. It's a sentiment that was only valid 40 years ago, when a summer job every year could pay for tuition at Northeastern.

      It is also preposterous to not teach the concepts of security for devices connected to hostile environments (i.e., every network ever), and networking is not a "fad." The only people that thought that the Internet and networking in general for "the great unwashed" were fads were "futurists" like Cliff Stoll who were wildly wrong in 1995.

      http://www.newsweek.com/cliffo...

      Read that. A 30 year trend is not a fad.

      --
      BMO

  3. Re:But why do we need the internet of things by ArcadeMan · · Score: 5, Funny

    Your sock drawer would know how many time each sock has been fucked, it would alert your washer to wash two cycles instead of one, it could tell your fridge to order more detergent since it's in charge of the grocery list and it could buy more sexy lingerie on Amazon for your girlfriend since you're obviously ignoring her physical needs.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  4. Oh yeah sure. by istartedi · · Score: 4, Insightful

    My Internet-enabled fridge needs to be developed using proper security procedures which are ummm.... not applicable to any other field such as SCADA or medical database systems that are already in place. Who's smoking the crack here, the journalists or Cerf? I'm betting it's the journalists and that he's misquoted and/or being quoted out of context. Too lazy to RTFA of course...

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  5. Re:But why do we need the internet of things by ArcadeMan · · Score: 4, Funny

    I got +1 insightful for that? Scary.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  6. The Internet of socket puppets by WaffleMonster · · Score: 4, Interesting

    Apparently what the Internet needs most is yet another buzzword so nebulous, context free and ill defined nobody really understands what it is your talking about.

    If "Internet of things" means home automation the technology has been around for decades yet remains a small niche market. "you can ..." scenarios are fun and cool and functional and all yet tend to impart very little useful value to the owner. I don't need or want Internet connected thermostats, light bulbs and toasters. As for security we can't even communicate securely. Email, Telephone/SMS are wholly insecure and trivially spoofed by anyone. Securing a mythical buzzword is not a problem I chose to spend my time perusing.