Heh, one of the fun exercises I like to spring on people is to play out the following scenario: assume you've got an embedded system of some kind being controlled by a Windows 3.1 box. Let's say it's doing something like wrapping candy bars or stamping plaques or whatever; it's piecework payment. The machine gets 0wned, and while it's not doing anything that's impacting you personally, it's contributing a couple of kb/s to spamming or DDoSing or other fun things. Is it in your interest to sacrifice the day, and the consequent profits involved in fixing your box, to solve the problem or better to just let it run?

The problem was given a more concrete example by a colleague who pointed out that most medical hardware running on Windows boxes is not only certified for Windows only, but specific *patchlevels*, and that consequently these machines can get restored, taken down, reinstalled, and put back on the net with known vulnerabilities because their software is certified with vulnerabilities intact.

On Oct 10, 2009, at 9:06 PM, Jon Kibler wrote:

> toralv_di...@mcafee.com wrote:
>
>> And prevent their customers from some activity on the internet that
>> may be extremely urgent and important? As much as I would prefer
>> such an approach personally, I'm afraid this is not a realistic
>> option in the real world.
>
> Exactly!!
>
> All users with infected computers should be BANNED from the Internet
> until their boxes are clean!! Access to an ISP sandbox would be
> semi-okay, but allow infected computers access to the Internet in
> general? Not only "NO!", but "HELL NO!!".
>
> Denying access to the few -- those with infected computers -- to
> protect the greater masses is EXACTLY the right move! We do not allow
> individuals who have highly contagious diseases to randomly wander in
> public spreading their infection, so why should we allow their
> computers to do the same?
>
> There is absolutely no "life critical" event that requires immediate
> Internet access by an infected system! Despite what millions of
> CrackBerry users may claim, not having instant email access is *not*
> a "life critical" event!!
>
> "Quarantine the few to protect the many!" That should be the
> operational mantra of all ISPs.
>
> Jon
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC USA
> o: 843-849-8214
> c: 843-813-2924
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.