[Tfug] Static/Dynamic (IP,name) bindings

Robert Hunter hunter at tfug.org
Thu Sep 13 21:48:39 MST 2012


On Fri, Sep 14, 2012 at 6:08 AM, Bexley Hall <bexley401 at yahoo.com> wrote:
> And, it still isn't a guaranteed fix.  E.g., plug the device in
> question directly into that laptop (or, use a dual-NIC laptop
> as a bridge) and the fancy switch doesn't help you at all!
> Once the code is loaded, remove the laptop and sneak back out
> of the house "innocently".

I thought you were just setting up something for yourself.  Now I see
that you are thinking in terms of a consumer product.  Furthermore,
you are describing a kind of worst-case scenario, where a non-techie
user is beset by high-tech bad guys, who could rappel in from the
roof, wearing night vision goggles, and satellite-fed wrist computers.
 Well, that simplifies things tremendously: in that scenario, there is
no such thing as a "secure system". :)

> Yes.  But, again, that assumes the consumer is aware of this
> risk, understands it and is willing to invest the time and
> money to make those changes.  "Why can't I keep things the
> way they are?"

I don't know -- that's a marketing issue. :P

> How many folks *actively* worry about their internet exposure?
> Or, information leaks from their cell phones?  etc.

Probably not many -- and for those that do, probably not enough.  In a
previous thread, someone mentioned Ken Thompson's "Trusting Trust"
essay.  It's a must-read for anyone concerned with computer security.

http://cm.bell-labs.com/who/ken/trust.html

After reading Thompson's article, you may start thinking of "security"
in relative terms.  Linus Torvalds said that he has three firewalls
between his development machine and the Internet.  I wonder if he has
verified his tool chain.  And what about the firmware and microcode of
his computers?  And what about the high-tech rappelling bad guys? :)

http://lwn.net/Articles/464530/ (see section titled "Security")

http://www.youtube.com/watch?feature=player_embedded&v=k-oVuQpjG3s

http://www.nj.com/news/index.ssf/2010/03/acrobatic_thieves_hit_nj_best.html


-- 
RH




More information about the tfug mailing list