"Mart van de Wege" <[email protected]> wrote in message
news:[email protected]...
"amicus_curious" <[email protected]> writes:
"Mart van de Wege" <[email protected]> wrote in message
news:[email protected]...
"amicus_curious" <[email protected]> writes:
"David Kastrup" <[email protected]> wrote in message
news:[email protected]...
"amicus_curious" <[email protected]> writes:
If it fails early, it gets returned to the store or to the
manufacturer for credit.
If your whole computing centre gets compromised because a packet
logger
could be inserted into the router, return to the store is your least
problem. Being able to determine possible scope of a security breach
is
certainly important.
You create a whole lot of hypothetical situations, but people buy
these things at Sam's Club for $35 and they work just fine. What
compromise has there ever been that allowed someone to put a "packet
logger" into the firmware of such a thing? Who would bother?
Spammers who like to build botnets out of domestic PCs for example.
Do you know of any instance where the botnet was built by compromising
the user's router firmware? That is pretty farfetched.
Yes, and executable e-mails were once considered to be 'purely
theoretical'.
I'm sorry, but threat evaluation is just a *tad* more than 'is this
being exploited yet?'
I don't think that you are sorry in the least. Do you suggest that this
theory will first find its way into someone lusting to robotize some kid's
PC? Even so how likely is it that the target of this exploit is savvy
enough to have combed through the source and implemented his own fix enable
by knowing which library version of BusyBox was in use in his $25 router?
It would be more probable that he would win the Powerball Lottery twice in a
row.
_______________________________________________
gnu-misc-discuss mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnu-misc-discuss
