[$] Antipatterns in IoT security

Lots of interesting talk about the fundamentals of a secure system and it’s applications to computers.

Quote I liked (empahasis mine):

The most basic security antipattern is to “do nothing”. That means accepting any and all risk, though. Another is to “do it yourself”; that leads to thinking the system is secure because of custom elements, such as non-peer-reviewed cryptography algorithms or implementations and security through obscurity. “Hand-rolled” security systems have not fared well over the years—developers have learned that implementing stream ciphers, for example, should not be tackled in-house. But there is still a fair amount of security by obscurity, such as “super unguessable URLs”. If a product becomes successful, which is what you want, the unguessable will become all-too-guessable.

Source: [$] Antipatterns in IoT security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s