Anti Virus Needed
Andre Kesteloot
andre.kesteloot at verizon.net
Sun Jan 19 17:19:56 CST 2014
On 1/19/2014 17:37 PM, Mike ODELL wrote:
> make sure the network of those devices is completely and totally air-gapped
> from the Global Internet. even better, turn off the network silliness in those
> devices. turn off the wifi and disconnect the Ethernet cable. the SNMP Toaster
> was a joke from long ago. we never imagined anyone would do it seriously.
thanks !
That is what we have at my day-job, but that is hardly practical for the
every-day home-user.
>
> at CES, there were several "door lock sets" which speak IP over wifi.
> WTF were they thinking?
>
> the even nastier little secret is that you already have a network box which
> Could already have already have been compromised: your router/wifi box.
yes most probably !
> most of
> them run really old, crufty versions of all the software based on old crufty
> versions of Linux and the user-level code that runs outside of the kernel.
> examples: dhcp server, DNS, nat configuration, packet filter configuration, wifi
> command and control, and the web server stack that provides the
> user interface. if your box can run it, OpenWrt is better than most.
[...]
> so people go inviting everyone in the whole world into everything
> they own.
>
> the use of compartmentation like is done using Invincea and containers as done by
> Solaris/Illumos, FreeBSD, and Linux, and sand boxing as done by OS/X and iOS appear
> to be gaining the upper hand by providing a way to isolate activities so that compromises
> can't damage other things while doing so with a tiny fraction of the overhead of, oh, VMware.
> and because of that, services can be run lightly and the container destroyed regularly
> and recreated freshly, thereby eliminating various "persistent" attracts.
>
> -mo
>
thanks
73
André
---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
More information about the Tacos
mailing list