In December 2013 I was able to abuse the insecurity of the KNX/IP protocol in a large home automation setting: the St. Regis Hotel in ShenZhen. The KNX Association responded to the incident with a brief statement on their webpage. The response seems odd, as it is half an apology for being an old standard that failed to keep up with the security requirements of a connected world, half a defense of their security on the grounds that they provide security through obscurity (ironically, it is supposed to be an “open standard”).
This blog post is not a troll against OpenStack. It started as a response to a Twitter post, and transitioned to a reflection on the governance of open source projects and its impact on the code. And I am not implying OpenStack is worse than Linux, just that it is a different form of open source and is not the Linux for cloud, and I will tell you why. Linux was created with a vision, to provide a free and open operating system, while OpenStack is just a tool to pool resources between companies to create an open cloud ecosystem. This is reflected in several aspects of OpenStack, but the most glaring difference is governance.
OpenStack and CloudStack are open source software for creating infrastructure as a service (IaaS) clouds. Both are under the Apache License, which allows creating derivative projects, and even closed-sourcing them as long as you maintain the copyright notices. They represent a new wave of open software, where companies open their code to pool resources with other interested parties (another relevant example of that trend is Cloud Foundry, for creating PaaS). I recently attended the respective conferences for these software packages. More than the contents, the dynamics of each conference provided a very representative insight into the software.