Re: dumb. Comcast pop-ups

[Michael Collins <mcollins () aleae com>]

Heh,

One of the fun exercises I like to spring on people is to play out the  
following scenario: assume you've got an embedded system of some kind  
being controlled by a windows 3.1 box.  Let's say it's doing something  
like wrapping candybars or stamping plaques or wahtever, it's  
piecework payment.  The machine gets 0wned, and while it's not doing  
anything that's impacting you personally, it's contributing a couple  
of kb/s to spamming or ddosing or other fun things.  Is it in your  
interest to sacrifice the day, and the consequent profits involved in  
fixing your box, to solve the problem or better to just let it run?

The problem was given a more concrete example by a colleague who  
pointed out that most medical hardware running on windows boxes is not  
only certified for windows only, but specific *patchlevels*, and that  
consequently these machines can get restored, taken down, reinstalled,  
and put back on the net with known vulnerabilities because their  
software is certified with vulnerabilities intact.

On Oct 10, 2009, at 9:06 PM, Jon Kibler wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Toralv_Dirro () mcafee com wrote:
>
> > And prevent their customers from some activity on the internet that  
> > may be extremely urgent and important? As much as I would prefer  
> > such an approach personally, I'm afraid this is not a realistic  
> > option in the real world.
>
> Exactly!!
>
> All users with infected computers should be BANNED from the Internet  
> until their
> boxes are clean!! Access to an ISP sandbox would be semi-okay, but  
> allow
> infected computers access to the Internet in general? Not only  
> "NO!", but "HELL
> NO!!".
>
> Denying access to the few -- those with infected computers -- to  
> protect the
> greater masses is EXACTLY the right move! We do not allow  
> individuals who have
> highly contagious diseases to randomly wander in public spreading  
> their
> infection, so why should we allow their computers to do the same?
>
> There is absolutely no "life critical" event that requires immediate  
> Internet
> access by an infected system! Despite what millions of CrackBerry  
> users may
> claim, not having instant email access is *not* a "life critical"  
> event!!
>
> "Quarantine to few to protect the many!" That should be the  
> operational mantra
> of all ISPs.
>
> Jon
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrRL5sACgkQUVxQRc85QlOUgwCfUMli1gRRFmo1QcFhXIhsxa+a
> JvYAn19AxBUqNZ/DNMpecOo92EARWm12
> =5hLe
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.