    Security breached in millions of devices...

    • J
      jkaspersen
      last edited by

      Two relatively new security breaches:

      https://www.jsof-tech.com/ripple20/ and https://callstranger.com/

      The latest is most likely to be explored... but the first can have real consequences in real life. Is this something that you guys take as serious stuff with customers?

      E.g. Teradici has immediately discontinued their PCoIP firmware for their TERA2 boxes (that basically all thin client manufacturer OEMs); well, they made a new firmware. But this TCP stack can be in hundreds of millions of devices...

      • scottalanmillerS
        scottalanmiller @jkaspersen
        last edited by

        @jkaspersen this goes great with recent discussions of thin client hardware being an outmoded concept. Great example of how niche hardware creates cost and risk.

        • J
          jkaspersen @scottalanmiller
          last edited by

          @scottalanmiller no... it just proves that the concept of unmanaged devices, no matter the type, is a bad idea. There are no Zero clients, or Zero maintenance on any equipment... I have always argued for that... Includes cameras, pumps, TVs, anything that has a "pulse"... 🙂

          • IRJI
            IRJ
            last edited by IRJ

            VLAN them and use ACLs that don't even allow them to communicate with any other hosts. Allow them only to reach out straight to the vendor outbound and no inbound connections whatsoever.

            You pretty much need to treat them as compromised

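An added example, not part of any post in this thread: one way to check flow records against the policy IRJ describes (no device-to-device traffic, no inbound connections, outbound only to the vendor). The VLAN range, the vendor address and port, and the sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed addressing: every value below is an assumption for illustration.
IOT_VLAN = ipaddress.ip_network("10.30.0.0/24")        # isolated device VLAN
VENDOR_ENDPOINTS = {                                   # (address, TCP port)
    (ipaddress.ip_address("203.0.113.10"), 443),       # vendor update host
}

def classify_flow(src, dst, dport):
    """Return (allowed, reason) for a flow initiated by src towards dst:dport."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_iot, dst_iot = src in IOT_VLAN, dst in IOT_VLAN
    if not src_iot and not dst_iot:
        return True, "not an IoT flow"
    if src_iot and dst_iot:
        return False, "lateral: device talking to another device"
    if dst_iot:
        return False, "inbound: connection initiated towards a device"
    if (dst, dport) in VENDOR_ENDPOINTS:
        return True, "outbound to vendor"
    return False, "outbound to non-vendor destination"

def audit(flows):
    """Return only the flows that violate the policy, with the reason."""
    violations = []
    for src, dst, dport in flows:
        allowed, reason = classify_flow(src, dst, dport)
        if not allowed:
            violations.append((src, dst, dport, reason))
    return violations

# Constructed sample flow records: (initiator, responder, destination port).
SAMPLE_FLOWS = [
    ("10.30.0.21", "203.0.113.10", 443),   # device fetching firmware from vendor
    ("10.30.0.21", "10.30.0.22", 1900),    # device-to-device discovery traffic
    ("10.10.0.5", "10.30.0.21", 80),       # workstation opening a device web UI
    ("10.30.0.22", "198.51.100.7", 443),   # device calling an unknown host
    ("10.10.0.5", "10.10.0.9", 445),       # unrelated LAN traffic
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print(violation)
```

Traffic between two devices on the same VLAN never crosses a router ACL, so blocking the lateral case needs port isolation or private VLANs on the switch, and seeing it needs flow data from the switch itself.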
            • scottalanmillerS
              scottalanmiller @jkaspersen
              last edited by

              @jkaspersen said in Security breached in millions of devices...:

              @scottalanmiller no... it just proves that the concept of unmanaged devices, no matter the type, is a bad idea. There are no Zero clients, or Zero maintenance on any equipment... I have always argued for that... Includes cameras, pumps, TVs, anything that has a "pulse"... 🙂

              Thin clients are almost always unmanaged devices. While nothing directly ties second tier devices to not being managed, it makes it thousands of times more likely. Having to have another mechanism for updates, being outside the mainstream update streams... it adds up.

              • J
                jkaspersen @scottalanmiller
                last edited by

                @scottalanmiller well, let's not make this a thin client discussion again... as this post is about millions of other devices... printers, cams, TVs, fuel pumps, factory controllers, etc. So how do people deal with those flaws... do they care if the local water supply shuts down, or the electricity gets shut off...

                • scottalanmillerS
                  scottalanmiller @jkaspersen
                  last edited by

                  @jkaspersen said in Security breached in millions of devices...:

                  do they care if the local water supply shuts down, or the electricity gets shut off...

                  Care? Sure. Responsible for? No.

                  We can only deal with our own devices and make good decisions about the vendors and approaches that we use.

                  • scottalanmillerS
                    scottalanmiller @jkaspersen
                    last edited by

                    @jkaspersen said in Security breached in millions of devices...:

                    printers, cams, TVs, fuel pumps, factory controllers, etc. So how do people deal with those flaws...

                    Well there are several steps to this...

                    1. Limit how many are deployed.
                    2. Vet what you purchase and deploy.
                    3. Keep systems up to date.
                    4. Use firewalls for the rest.
                    • DashrenderD
                      Dashrender @scottalanmiller
                      last edited by

                      @scottalanmiller said in Security breached in millions of devices...:

                      @jkaspersen said in Security breached in millions of devices...:

                      do they care if the local water supply shuts down, or the electricity gets shut off...

                      Care? Sure. Responsible for? No.

                      We can only deal with our own devices and make good decisions about the vendors and approaches that we use.

                      Which it seems almost no one actually does. The less than 1% IT pros out there who care don't even make a dent.

                      • scottalanmillerS
                        scottalanmiller @Dashrender
                        last edited by

                        @Dashrender said in Security breached in millions of devices...:

                        @scottalanmiller said in Security breached in millions of devices...:

                        @jkaspersen said in Security breached in millions of devices...:

                        do they care if the local water supply shuts down, or the electricity gets shut off...

                        Care? Sure. Responsible for? No.

                        We can only deal with our own devices and make good decisions about the vendors and approaches that we use.

                        Which it seems almost no one actually does. The less than 1% IT pros out there who care don't even make a dent.

                        A dent is not our concern, though. Only our own environments. We don't need to make a dent, that's nice and all, but if we focus on ourselves, that our neighbours get hacked isn't our problem.
