BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Security

Subject: [Discuss] Security
From: markw at mohawksoft.com (markw at mohawksoft.com)
Date: Wed, 2 Nov 2011 15:13:52 -0400
In-reply-to: <CALsBAkJB=E02NdtJe2vbbLy-cN1JMDTXVLDqN9YZu8j4jwfmhg@mail.gmail.com>
References: <0736ad51462870c3bb6311e908a7bb22.squirrel@mail.mohawksoft.com> <CALsBAkJB=E02NdtJe2vbbLy-cN1JMDTXVLDqN9YZu8j4jwfmhg@mail.gmail.com>

> On Wed, Nov 2, 2011 at 1:10 PM,  <markw at mohawksoft.com> wrote:
>> At my work, here are a few vending machines. One of these machines has a
>> nice little antenna on it. Presumably, it communicates via cellular
>> network to the vendor in order to report on usage and supplies. Yes,
>> good
>> idea. Cool.
>>
>> It occurs to me that this machine, most likely, did not have to go
>> through
>> any vetting. Not only that, I bet the grunts that stock these machines
>> are
>> hired more for strong backs and no criminal record.
>>
>> So, here we have a powered machine with external wireless connectivity
>> on
>> the premises with no actual over site. It is there 24x7, powered!
>>
>> Think of all the cool/evil things you could put in a vending machine
>> with
>> a wireless link. Imagine having direct access to a Linux box in almost
>> any
>> company you want. You could run any software you want. You could have
>> wi-fi too. Could you break the company's wireless security? Could you
>> monitor their wireless communications? Could you eaves drop on
>> conversations near by?
>>
>> Everyone suspects the cleaning crew, and if you are interested in
>> security, you do background checks. Almost no one cares about the
>> vending
>> machines.
>
> There's nothing that device can do to your wilreless network that a
> person with a directional antennae can't already do.  As long as you
> don't plug it into your internal network, you're not worse off.


This is, of curse, true, however, having a powered local presence is a lot
more flexible than having to be local with a directional antennae. In
fact, many buildings are not easily accessible.

>
> As for the eavesdropping, you wouldn't need an obvious antennae for
> that.  There could be a camera or microphone in older vending
> machines, televisions, coffee machines, fridges, ceiling tiles or even
> a cabinet.  These could have less obvious antennas or hey, just have
> the recordings picked up occasionally during maintenance.

Also true, but sort of not the point.
>
> There's an infinite number of things that "could" happen.  You need to
> consider the likelihood and impact of those sorts of attacks.  In most
> cases the likelihood is minimal.  Impact is probably minimal as well
> unless its in the board room.
>

That depends on what you want to learn.

References:
- [Discuss] Security
  - From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] Security
  - From: gboyce at badbelly.com (Gregory Boyce)

Prev by Date: [Discuss] Security
Next by Date: [Discuss] Discuss Digest, Vol 6, Issue 3
Previous by thread: [Discuss] Security
Next by thread: [Discuss] Security
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org