alt Hacker Newsthe problem is that these laws just make the problem bigger - instead of having to compromise 100 thousand routers they can just compromise a single update server from a vendor that doesn't care about security.
the fallout is some companies losing their revenue: https://status.neoprotect.net/ and other headaches for people all over the world
Replies
mmooss • today at 1:11 AM
Or the law makes the problem smaller, by making the routers secure, and makes outcomes just, by penalizing the responsible companies.
➕ show 1 reply
But that's already true for most cases and devices. Most people using most devices let auto updates just happen.
And the other option isn't that much better, because "don't do autoupdates because maybe the update server is compromised" leads to a bunch of unsecured devices everywhere.
The only "real" solution is also completely unrealistic: Every private person disables auto updates, then reads the change log, downloads updates manually, and checks them against some checksum.
The better solution would be to simply increase fines until morale improves.