Re: SANS Says Your Computer's Back Door Is Wide Open

["Daniel H. Renner" <dan () losangelescomputerhelp com>]

funsec-request () linuxbox org wrote:
> Date: Sat, 29 Mar 2008 10:45:40 -0400
> From: "Richard M. Smith" <rms () computerbytesman com>
> Subject: [funsec] SANS Says Your Computer's Back Door Is Wide Open
> To: <funsec () linuxbox org>
> Message-ID: <001d01c891ab$8f542270$adfc6750$@com>
> Content-Type: text/plain; charset="us-ascii"
>
> http://blog.wired.com/sterling/2008/03/sans-says-your.html
>
> By Bruce Sterling  <mailto:bruces () well com> EmailMarch 28, 2008 | 11:09:52
> PM 
>
> (((And when SANS says it, they mean it. If you can help with this colossal
> scandal, you should.)))
>
> --Closing the Back Doors in Printers, Computers, and Appliances 
>
> Hundreds of millions of devices are being placed on networks with built-in
> back doors. Printers, routers, computers, control systems, storage systems,
> medical devices, nearly every automated device has them. (((Oh dear me.))) 
>
> The manufacturers of these systems never told you how vulnerable you are.
> One victim said "It's as if the people who are supposed to help me put a big
> sign on my door saying 'the key is under the mat by the back door,' and
> anyone can come in and violate me and my family." These vulnerable back
> doors were installed to allow remote management; they are fully functioning
> processors with network connections, operating systems, and memory. In
> addition to being able to disable the device, in many cases they provide
> remote back-door access to the main CPU and storage of the computer or other
> device. They may not be logged or monitored and therefore can be attacked
> repeatedly without fear of being caught. 
>
> In Intel-based PCs and servers they are usually called BMCs, or baseboard
> management controllers and are used as intelligent controllers for
> inventory, monitoring, logging, and recovery control functions available
> independent of the main processors, BIOS, and operating system. 
>
> .

In 1999 or 2000 I watched someone climb over my Linksys router and 
become a part of our internal LAN.

Since then we don't sell routers to businesses, and we don't put 
gateways on printers or NAS devices.  (Since when did a printer or a 
hard drive need to communicate out to the Internet!?)

So, if the above claim is true, one would have to wonder WHO is in a 
position of power sufficient to order such backdoors over the obvious 
disagreements of the ethical manufacturers...



Sincerely,

Daniel H. Renner
President
Los Angeles Computerhelp
A division of Computerhelp, Inc.
818-352-8700
http://losangelescomputerhelp.com

"A government big enough to give you everything you want, is big enough 
to take away everything you have.'
Thomas Jefferson


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.