funsec mailing list archives
Re: SANS Says Your Computer's Back Door Is Wide Open
From: "Daniel H. Renner" <dan () losangelescomputerhelp com>
Date: Sat, 29 Mar 2008 09:33:23 -0700
funsec-request () linuxbox org wrote:
Date: Sat, 29 Mar 2008 10:45:40 -0400 From: "Richard M. Smith" <rms () computerbytesman com> Subject: [funsec] SANS Says Your Computer's Back Door Is Wide Open To: <funsec () linuxbox org> Message-ID: <001d01c891ab$8f542270$adfc6750$@com> Content-Type: text/plain; charset="us-ascii" http://blog.wired.com/sterling/2008/03/sans-says-your.html By Bruce Sterling <mailto:bruces () well com> EmailMarch 28, 2008 | 11:09:52 PM (((And when SANS says it, they mean it. If you can help with this colossal scandal, you should.))) --Closing the Back Doors in Printers, Computers, and Appliances Hundreds of millions of devices are being placed on networks with built-in back doors. Printers, routers, computers, control systems, storage systems, medical devices, nearly every automated device has them. (((Oh dear me.))) The manufacturers of these systems never told you how vulnerable you are. One victim said "It's as if the people who are supposed to help me put a big sign on my door saying 'the key is under the mat by the back door,' and anyone can come in and violate me and my family." These vulnerable back doors were installed to allow remote management; they are fully functioning processors with network connections, operating systems, and memory. In addition to being able to disable the device, in many cases they provide remote back-door access to the main CPU and storage of the computer or other device. They may not be logged or monitored and therefore can be attacked repeatedly without fear of being caught. In Intel-based PCs and servers they are usually called BMCs, or baseboard management controllers and are used as intelligent controllers for inventory, monitoring, logging, and recovery control functions available independent of the main processors, BIOS, and operating system. .
In 1999 or 2000 I watched someone climb over my Linksys router and become a part of our internal LAN. Since then we don't sell routers to businesses, and we don't put gateways on printers or NAS devices. (Since when did a printer or a hard drive need to communicate out to the Internet!?) So, if the above claim is true, one would have to wonder WHO is in a position of power sufficient to order such backdoors over the obvious disagreements of the ethical manufacturers... Sincerely, Daniel H. Renner President Los Angeles Computerhelp A division of Computerhelp, Inc. 818-352-8700 http://losangelescomputerhelp.com "A government big enough to give you everything you want, is big enough to take away everything you have.' Thomas Jefferson _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- SANS Says Your Computer's Back Door Is Wide Open Richard M. Smith (Mar 29)
- Re: SANS Says Your Computer's Back Door Is Wide Open Rich Kulawiec (Mar 29)
- <Possible follow-ups>
- Re: SANS Says Your Computer's Back Door Is Wide Open Daniel H. Renner (Mar 29)
- Re: SANS Says Your Computer's Back Door Is Wide Open The Security Community (Mar 31)
- Re: SANS Says Your Computer's Back Door Is Wide Open Daniel H. Renner (Mar 31)
- Re: SANS Says Your Computer's Back Door Is Wide Open The Security Community (Mar 31)