On January 11, 2018 4:54:00 AM EST, Kirils Solovjovs <[email protected]> wrote:
>
>The concerns are real and industry resolves this by applying the minimal
>required patches from a media before connecting device to the network.
>
>K.
>
Or keeping a "golden image" which is kept up to date and cloned as needed (either physically or as a VM), giving you a base system which has passed whatever hardening and certification process the org has in place, and has whatever AV or other security software and CM software etc. pre-installed.

>On 2018.01.09. 12:20, Georgi Guninski wrote:
>> This is well known, haven't seen it discussed.
>>
>> In short doing clean install (factory defaults) has a window of
>> opportunity when the device is vulnerable to a known network attack.
>>
>> It used to be common sense to reinstall after compromise (probably
>> doesn't apply to the windows world where the antivirus takes care).
>>
>> All versions of windoze are affected by the SMB bug to my knowledge.
>> Debian jessie (old stable) is vulnerable to malicious mirror attack.
>>
>> More of interest to me are devices where the installation media is
>> fixed and can't be changed.
>>
>> This includes smartphones and wireless routers.
>>
>> Some smartphones might be vulnerable to wifi RCE (found by google?).
>> Some wireless routers might be vulnerable to wifi RCE or
>> default admin password attack over wifi.
>>
>> Internet of Things will make things worse (some NAS devices are
>> affected).
>>
>> Shielding the device might not be a solution since updates must be
>> applied.
>>
>> Are the above concerns real?
>>
>> Has this been studied systematically?
>>
