FTA, this looks like it only affects the SSH clients... Right?
"The problem involved a bug that exposed a memory leak to a malicious SSH server," Cox explained. "Because the data in question didn't cross any trust or execution boundaries, the malicious server could get the client to possibly leak sensitive authentication key data."
I think it's both. I ran my update playbook and everything was patched within about 3 minutes 🙂
It's already been shown to them how cars can be completely taken over via the internet. I think the cellular vendor in that case turned on a firewall that disabled this - for now.
That has nothing to do with a standardized OS system to run vehicles.
I was mainly referencing Johnhooks comment about not trusting car companies that much.
I agree that this project can only be a good thing - hopefully more manufacturers will join and we will all have safer, more secure systems in our future cars.
But if too many join in, then we will have a single OS and a single point of attack for would-be attackers.
Is that really a concern? While there are many versions of Linux, how many servers are running the most popular versus how many cars are there?
Seems like it would be a concern of the utmost importance. Creating a single attack target that is primarily maintained by consumers is what caught Windows, right?
Sure, but cars today aren't maintained at all - by anyone.
Nor do most have a single, shared OS or exposed APIs.
I'll give you they don't have a single shared OS, though exposed (sure not over the internet) APIs, it seems there are more exposed than we realize, just most require local access or something like Bluetooth.
I find this one a little surprising. When I worked on Wall St. we were rolling out containers in 2006. If these banks are just talking about "looking into" containers now, they are a full decade behind where we were.