XPost: comp.os.linux.advocacy, misc.news.internet.discuss   
   From: sylvia@email.invalid   
      
   On 14-Oct-24 11:35 am, % wrote:   
   > Sylvia Else wrote:   
   >> On 11-Oct-24 10:17 pm, Sn!pe wrote:   
   >>> My pet rock Gordon asserts that every networked device has a backdoor.   
   >>> Therefore, anything viewable in clear on that device is insecure and the   
   >>> quality of message encryption is moot.   
   >>>   
   >>   
   >> An initial question is what exactly is meant by "backdoor". Any   
   >> networked device that is capable of remote update by the vendor can   
   >> presumably be updated by the vendor to do anything that any device on   
   >> your network can do. But this does not imply that anyone else can do   
   >> that. Of course it does mean that you security depends on the security   
   >> of the vendor, which is an unknown quantity. This is partly why the   
   >> few remotely updatable devices that I do own are fire-walled off from   
   >> the rest of my internal network.   
   >>   
   >> Few networked devices accept incoming connections, for the simple   
   >> reason that they're unlikely to get past a gateway router. Most work   
   >> by making outgoing connections to the vendor's server. The better   
   >> implementations require an authenticated server certificate, which   
   >> makes impersonation of the vendor pretty much impossible. Without a   
   >> certificate the intending intruder may engage in something like a DNS   
   >> cache poisoning attack, but they have become more difficult over the   
   >> years.   
   >>   
   >> If one is to worry about back-doors, the main vulnerability is the   
   >> router itself, and this has indeed been a problem in the past,   
   >> especially where the ISP has the ability to update firmware or change   
   >> settings, because now one is dependent on the security of the ISP,   
   >> which is not always been up to the task.   
   >>   
   >> Commercially supplied routers have a bad record of vulnerabilities. I   
   >> use a small single board computer as a gateway instead.   
   >>   
   >> Sylvia.   
   >>   
   > i have nothing to hide so i don't do anything   
      
   Not even information that could be used in identity theft?   
      
   Sylvia.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)