To: Still Thinking
Devices that are targets for this kind of attack shouldn't be able to be remotely flashed with new software. It's convenient for the people who manage them, but so what, it's not their money to be putting at risk.
Barring doing the safest thing (not allowing remote flashing of code) they should at minimum have monitoring that alerts when code is added or changed.
posted on 01/16/2014 3:26:00 PM PST
(Involuntarily subsidizing the parasite class since 1981)
I’m not even saying flashing shouldn’t be “allowed”. I’m saying it should be impossible. Whatever code the devices run should be in hardware, requiring physical contact to reload. If it’s a permission thing, there might be some way for them to end run it.
posted on 01/16/2014 3:34:38 PM PST
by Still Thinking
(Freedom is NOT a loophole!)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson