cross-posted from: https://lemmy.world/post/32265822

xkcd #3109: Dehumidifier


Title text:

It’s important for devices to have internet connectivity so the manufacturer can patch remote exploits.

Transcript:

[A store salesman, Hairy, is showing Cueball a dehumidifier, with a “SALE” label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]

Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.

Source: https://xkcd.com/3109/

explainxkcd for #3109

  • tjoa@feddit.org
    1 day ago

    FYI I learned about VLANs that it is in no way “locked down”. I can spoof the MAC address of a known device from a specific VLAN and I’m in that VLAN. Yes, your devices can’t reach the internet/other devices by default, but it won’t stop a bad actor.

    • teslasaur@lemmy.world
      15 hours ago

      Well. The segmentation is to avoid security holes from rogue third-party devices. If you can access my PC VLAN that only exists on my wired PC connection, then you have indeed broken into my domain. Letting the things that don’t give a shit about security have their own network is just sanity/sanitary.

    • flux@lemmy.ml
      16 hours ago

      Depends on your hw. That seems a rather poor implementation… I believe my TP switch might handle that, because it rejects traffic to its management interface from MAC X from VLAN 20 because it sees the same MAC in VLAN 10… (only VLAN 20 is allowed for management)

    • interdimensionalmeme@lemmy.ml
      1 day ago

      Yes, VLAN is an IT convenience feature; you don’t need it just because it is a feature of the more expensive hardware.

      Instead just establish separate L2s and operate proper L3 firewalls between them. For IoT devices, any kind of reliable potato will do just fine.