Secure Coding mailing list archives

What is the size of this list?


From: secse-chair at sislab.no (Martin Gilje Jaatun)
Date: Thu, 20 Aug 2009 11:14:18 +0200

Rafael Ruiz wrote:
I am a lurker (I think), I am an embedded programmer and work at
Lowrance (a brand of the Navico company), and I don't think I can't
provide too much to security because embedded software is closed per se.
  
IMHO, it is very dangerous to assume that "since it is embedded, nobody 
has the source code". This "security through obscurity" approach was 
employed by the Bell telephone system in the 70's and 80's, but it turned 
out that there was no limit to what Phone Phreaks and their kin could 
dig up of supposedly secret information, including schematics and 
instruction manuals.

In more recent times, reverse engineering of the DVD Content Scrambling 
System (CSS) and various RFID electronic fare cards has proven that if 
someone has physical access to a device, you must also assume that they 
can access the software.

-Martin


