[LINK] SOH SEcurity [was: Freeview Launches In Australia]

Rick Welykochy rick at praxis.com.au
Wed Nov 26 11:01:24 AEDT 2008


Michael Still wrote:

> I point is more that they lost the battle and just 
> didn't notice. Would you say that someone who thought the Germans still 
> had a chance of winning WW2 was a true believer, or just someone who is 
> in denial?

You mean WW2 is over? I am shocked and now realise I have needlessly
done some very nasty things to German people. Oh dear.

Since you are content to use analogy to prove a point, did you know there
are all sorts of security vulnerabilities awaiting exploitation in your
home SOHO router / ADSL modem? Most of it has to do with the fact that
there is a web browser built into the modem, for admin purposes.

Who would have thought?

I obliquely refer to all the exploits that emerge in a complex system.
Add Flash to Javascript to Java to base browser and you are looking at
one hell of a combinatorial explosion in complexity. And a playground
that is ripe for criminal pickings. Something that lay people (lusers)
simply do not understand. Joyously condescendingly I say "it's all a
bit too technical for you to understand." And of course I am right. They
don't want to understand. That does not mean, by some sort of argument,
that they are right in ignoring that there are serious security risks
when using the Internet and specifically the web.

Lest you think I am idly mouthing off, be aware that the exploits in
the routers I mention above have been there for years and were only uncovered
and made public by a band of open-sourcers who wanted to research and
then expose the problem.

<http://www.securiteam.com/securityreviews/6D00C0KN5S.html>

If you think that a break-in at the router level in your home is harmless,
think again:

(*) DNS poisoning
(*) man in the middle attacks
(*) monitoring of all emails and web connections, well, *ALL* connections
(*) bandwidth theft
(*) personal ID theft

And finally, all of the above are possible when attacking your system via
other means, i.e. browser exploit, email phish, etc.

And this is only *ONE* report of such. Think about how many exploits have
been researched, a paper written up and presented at some security conference
somewhere. I don't have time to research this further now, but I am afraid.
Afraid for Joe Sixpack who just logs on and surfs. Especially with known
unsecure products from companies like Microsoft.

My point being: Javascript + Flash + Active X + <insert crud here> exacerbates
the problem and makes it easier for crims to rip you off.

I agree with you, the war has been lost and the populist uneducated luser and
the web sites that hypnotise them into visiting HAVE WON. But who has really lost?
Ironically, the luser has lost. Billions of dollars in Australia alone. Sigh.

I, the geek, have not lost anything. I know what I am doing on the net and take
necessary precautions. Those who do not are the real losers in the complexity stakes.

cheers
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services

Tis the dream of each programmer before his life is done,
To write three lines of APL and make the damn thing run.


