Firewall Wizards mailing list archives

RE: Worms, Air Gaps and Responsibility


From: Frank Knobbe <frank () knobbe us>
Date: Mon, 17 May 2004 23:06:00 -0500

On Mon, 2004-05-17 at 13:02, Dana Nowell wrote:
> Multiplatform attacks are due but I personally doubt the router is the
> secondary target of choice, unfortunately my money's on PDAs and cell
> phones via sync software and wireless.

Perhaps for viruses, but not for worms as these devices tend not to be
permanently wired or reachable.

Several years ago, the folks from Phenoelit were presenting exploits on
Cisco routers and HP printers. I had $20 on a worm that spreads through
printers since there are frighteningly many printers directly connected
to the Internet (after all, it's just a printer, right? :)
Likewise, a worm ripping through Cisco routers gives me the creeps, but
luckily these are often set up with a decent or secure enough
configuration. (I don't recall there actually being a printer worm.)

But what about Cable modems or DSL routers? Any component that is not a
computer, or has services open, tends to be ignored/dismissed too
quickly. Once we were shown that laser printers can be converted to do
thy bidding in the form of password brute forcing and other... uhm...
non-paper related tasks. Who would have thought...

But you are right... It seems I'm dismissing cell phones and PDAs here,
and I shouldn't be doing that.

I believe there will be a worm at some time that will be totally
unexpected. While we are busy securing hosts and networks, something
nasty will rip. Not because we failed to protect ourselves, but because
we didn't see it coming from that angle. Not a lack of ACLs, but a lack
of contemplation, dare I say imagination.

Better get your thumpers ready, worm signs are increasing....

Regards,
Frank
