Educause Security Discussion mailing list archives
Re: potential security issues with embedded systems?
From: Randy Marchany <marchany () VT EDU>
Date: Thu, 11 Dec 2003 20:56:17 -0500
We've had equipment show up that is based on NT4.0SP3...not a good thing. It's not just Windows. Some vendors sell equipment that uses r-commands for authentication, TFTP to download firmware...you get the idea. I know of MRI units that have controllers running older OS that haven't been patched with the current patch list. Environmental controller for buildings (heat, lights, a/c) based on r-hosts authentication (Hey, the vendor recommends you put the systems behind a firewall). Embedded controllers are a serious risk to the infrastructure because at best, they just blast packets on the net (point your browser to a networked laser printer) and at worst can cause damage. Randy Marchany VA Tech IT Security Lab Blacksburg, VA http://security.vt.edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- potential security issues with embedded systems? Kyle Barger (Dec 11)
- <Possible follow-ups>
- Re: potential security issues with embedded systems? Paul Russell (Dec 11)
- Re: potential security issues with embedded systems? H. Morrow Long (Dec 11)
- Re: potential security issues with embedded systems? Gary Flynn (Dec 11)
- Re: potential security issues with embedded systems? Scott Bradner (Dec 11)
- Re: potential security issues with embedded systems? Cal Frye (Dec 11)
- Re: potential security issues with embedded systems? Jere Retzer (Dec 11)
- Re: potential security issues with embedded systems? Randy Marchany (Dec 11)
- Re: potential security issues with embedded systems? Jack Suess (Dec 11)
- Re: potential security issues with embedded systems? Dewitt Latimer (Dec 12)
- Re: potential security issues with embedded systems? Scott Bradner (Dec 12)
- Re: potential security issues with embedded systems? Don Westlight (Dec 12)
- Re: potential security issues with embedded systems? Tom Jackson (Dec 12)