From justin at madirish.net  Tue Dec  1 13:55:13 2015
From: justin at madirish.net (Justin Klein Keane)
Date: Tue, 01 Dec 2015 08:55:13 -0500
Subject: [Owasp_internet_of_things_project] How not to do PKI
Message-ID: <a17a4f558af7de21110b8cbbd9d4fb2b@madirish.net>

Hello all,

   Not sure if folks saw this posting on the Sophos blog but it's a great 
breakdown of how not to do PKI for IoT.  TLDR: "Millions of Internet 
Things are ?secured? by the same ?private? keys"

https://nakedsecurity.sophos.com/2015/11/30/millions-of-internet-things-are-secured-by-the-same-private-keys/

The suggestions at the bottom of the list are really good ones, and 
probably things we should include in the framework assessment 
(https://www.owasp.org/index.php/IoT_Framework_Assessment).

Cheers,

-- 

Justin C. Klein Keane
http://www.MadIrish.net