Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Fwd: Basically every WiFi device just hacked?
On 16/10/17 01:51 PM, Carlos E. R. wrote:
> I understand that every openSUSE machine is vulnerable till every
> machine in the same network is patched. Once a single one is
> successfully attacked, they are in. In the network, that is.

That applies at the more general level as well; if the proverbial and nefarious
"they" get in to a programmable device then "they" can do pretty much whatever
is within their capability to any information on your network. Many of the
protocols that would otherwise be encrypted to the outside world are either in
the clear or are stored, temporarily or otherwise, in files.

I may use TLS and IMAPS and SMTP-S to my server but the mail message I send is
in cleartext in my local 'sent' folder, and I might save critical files that I
read locally.

In my DatabaseOfDotSigQuotes, subsection 'security', there is:

"If you have only one layer of protection you are only
as safe as the next bug-de-jour"
- Brad M Powell, Snr Network Security Architect, Sun Microsystems

> Besides, any communication protocol that uses encryption is safe, even
> if they get entry to our WiFi: ssh, https... but not, I think, smb, nfs,
> most email...

If and only if "they" are limited, somehow, to only sniffing the network
traffic, then source-encrypted traffic is 'safe', for varying levels and
interpretations of 'safe'.

In which case the argument against broadcast traffic, the use of switches,
aggressive subnetting, or putting each device on its own port on a router (or
sophisticated switch), that is every device on its own DMZ, and having a "deny
all except" filtering policy (the wifi router doesn't need to have an SMTP
connection to the SAN, in fact the SAN doesn't need anything except SMB and
NFS and HTTPS from and only from the management device) should be considered the
baseline.

More realistically, what seems to be a reasonable level of security in this day
and age is requiring a great deal of administration & configuration management.
I'm seeing products that can do all this, but I still feel that they are
overwhelming. Why do I need three doublewide screens to display the dashboard of
this software telling me what's going on on my network?

Marcus Ranum once commented that while umbrellas are only of limited use and
have other problems, at least they don't annoy you by notifying you of every
raindrop they stop.

In a broader sense, if we are so perverse as to call computer malware "bugs" and
"viruses" and "worms", and use other biological analogies, then why do we deny
what biological systems really do about attacks? My skin, my gut, my whole
immune system is the end point of millennia of an evolutionary war the scale of
which the computer world has never seen. I shrug off, every hour, thousands of
'attacks' by a wide variety of, also highly evolved, micro-organisms. It's not
a perfect scheme; it breaks down sometimes. The old advert "kills 99% of known
germs" applies. It's the unknown and the 1% that matter.

But even so, for that 99% my body has no dashboard to tell me what's going on,
and even for the 1% there are artificial aids ("antibiotics") when I am
alerted.


I think we have a technology and approach to technology that seems more
interested in feeding the inner geek of the sysadmins than in securing our
technological infrastructure.




--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

