SANS Says Your Computer's Back Door Is Wide Open

["Richard M. Smith" <rms () computerbytesman com>]

http://blog.wired.com/sterling/2008/03/sans-says-your.html

By Bruce Sterling  <mailto:bruces () well com> EmailMarch 28, 2008 | 11:09:52
PM 

(((And when SANS says it, they mean it. If you can help with this colossal
scandal, you should.)))

--Closing the Back Doors in Printers, Computers, and Appliances 

Hundreds of millions of devices are being placed on networks with built-in
back doors. Printers, routers, computers, control systems, storage systems,
medical devices, nearly every automated device has them. (((Oh dear me.))) 

The manufacturers of these systems never told you how vulnerable you are.
One victim said "It's as if the people who are supposed to help me put a big
sign on my door saying 'the key is under the mat by the back door,' and
anyone can come in and violate me and my family." These vulnerable back
doors were installed to allow remote management; they are fully functioning
processors with network connections, operating systems, and memory. In
addition to being able to disable the device, in many cases they provide
remote back-door access to the main CPU and storage of the computer or other
device. They may not be logged or monitored and therefore can be attacked
repeatedly without fear of being caught. 

In Intel-based PCs and servers they are usually called BMCs, or baseboard
management controllers and are used as intelligent controllers for
inventory, monitoring, logging, and recovery control functions available
independent of the main processors, BIOS, and operating system. 

.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.