On Wed, Nov 11, 2009 at 9:53 AM, <d...@geer.org> wrote: > > Matt Crawford writes: > -+------------------- > | Imagine a couple of hundred million devices with updatable > | firmware on them, and one or more rogue updates in the wild. > > > So should or should not an embedded system have a remote > management interface? If it does not, then a late discovered > flaw cannot be fixed without visiting all the embedded systems > which is likely to be infeasible both because some will be where > you cannot again go and there will be too many of them anyway. > If it does have a remote management interface, the opponent of > skill focuses on that and, once a break is achieved, will use > those self-same management functions to ensure that not only > does he retain control over the long interval but, as well, you > will be unlikely to know that he is there. > > This leads to a proposal on what to do about the future: > Embedded systems, if having no remote management interface and > thus out of reach, are a life form and as the purpose of life is > to end, an embedded system without a remote management interface > must be so designed as to be certain to die no later than some > fixed time. Conversely, an embedded system with a remote > management interface must be sufficiently self-protecting that > it is capable of refusing a command.
Almost every U.S.A. based bank that i have used own several physical branch locations. Maybe your country is different. Disable the service until the customer physically brings in the old hardware to be replaced with a new one to eliminate need for remote management. Our planet has too much electronic garbage to build permanent preprogrammed death. > > Long live HAL, > > --dan > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com