From: Don Y
Newsgroups: sci.electronics.design
Subject: Re: German state gov. dicthing Windows for Linux, 30k workers migrating.
Date: Tue, 9 Apr 2024 11:13:41 -0700
Organization: A noiseless patient Spider

On 4/9/2024 11:12 AM, Don Y wrote:
> On 4/8/2024 8:53 AM, Don Y wrote:
>> You also would be surprised at how much information "leaks" from naive
>> encoding strategies.  E.g., if you know (or suspect) the format of the
>> content, you can often deduce the coding algorithm.
>
> This is my all-time favorite -- laughable -- take on "security":
>
>
>
> This is (was) *sold* as "Secure Web Console".
>
> By a "reputable" company with very deep pockets!
>
> The product idea was excellent!  Provide a means of accessing the
> serial console on a remote computer over the internet.  So, you could
> troubleshoot boot problems and other issues in cases where the
> server/host in question hadn't yet booted *or* had lost IP connectivity.
>
> Essentially, you build a one-port terminal server and glue a web server
> on the outfacing side.  An administrator can then access the web server
> (from any web client) and have his keystrokes passed through to the
> attached serial console and the output from said console painted into
> his web browser's display.
>
> Easy peasy!
>
> But, the data stream is naively "encrypted" with a simple substitution cipher.
> The cipher is stateless so characters can be decoded without regard for where
> in the data stream they are encountered.  (i.e., a packet sniffer's paradise).
>
> And, the decode operation is:
>    chat cleartext = crypttext ^ 0x37;

Grrrr... s/chat/char/

> Seriously?  What *idiot* thought to put "Secure" in the product's title???
>
> ("I locked my front door -- and put the key under the mat so I would
> always know where I had left it...")
>
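Added example, not part of the post and not the product's code: a check an auditor could run on a capture of their own device's traffic to show that a stream "encrypted" this way gives up its key as soon as one expected string (here a login prompt) is known, and that it decodes from any offset. The helper names, the sample text and the `login: ` crib are assumptions; 0x37 is the key given in the post.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The post's decode applied to a buffer: one fixed key, no per-byte state. */
static void xor_buf(const unsigned char *in, size_t n, unsigned char key,
                    unsigned char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key;
}

/* Audit check (hypothetical helper): does `cap` hold `crib`, a string we
 * expect on a console, under ANY single-byte XOR key?  Returns the key
 * (0..255) or -1.  A one-byte crib matches under some key everywhere,
 * so it proves nothing and is rejected. */
static int find_xor_key(const unsigned char *cap, size_t n, const char *crib)
{
    size_t m = strlen(crib);
    if (m < 2 || n < m)
        return -1;
    for (size_t i = 0; i + m <= n; i++) {
        unsigned char key = cap[i] ^ (unsigned char)crib[0];
        size_t j = 1;
        while (j < m && (cap[i + j] ^ key) == (unsigned char)crib[j])
            j++;
        if (j == m)
            return key;
    }
    return -1;
}

/* Constructed sample: console text, XORed below with the post's 0x37 to
 * stand in for what a capture of the device's traffic would contain. */
static const char SAMPLE[] = "\r\nbooting...\r\nhost console login: root\r\n";

int main(void)
{
    size_t n = sizeof SAMPLE - 1;
    unsigned char wire[sizeof SAMPLE - 1], clear[sizeof SAMPLE];
    xor_buf((const unsigned char *)SAMPLE, n, 0x37, wire);
    int key = find_xor_key(wire, n, "login: ");
    if (key < 0) return 1;
    /* Stateless: decoding from mid-stream (offset 14) works like offset 0. */
    xor_buf(wire + 14, n - 14, (unsigned char)key, clear);
    clear[n - 14] = '\0';
    printf("key=0x%02x\n%s", key, (char *)clear);
    return 0;
}
```

A capture for which this returns a key is obfuscated, not encrypted; a stream protected by a real cipher with per-session keys returns -1 for any crib of reasonable length.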