From: Sylvia Else <sylvia@email.invalid>
Newsgroups: comp.misc,comp.os.linux.advocacy,misc.news.internet.discuss
Subject: Re: Security? What "Security"?
Date: Mon, 14 Oct 2024 11:49:01 +0800
Message-ID: <ln3ildFse54U2@mid.individual.net>

On 14-Oct-24 11:35 am, % wrote:
> Sylvia Else wrote:
>> On 11-Oct-24 10:17 pm, Sn!pe wrote:
>>> My pet rock Gordon asserts that every networked device has a backdoor.
>>> Therefore, anything viewable in clear on that device is insecure and the
>>> quality of message encryption is moot.
>>>
>>
>> An initial question is what exactly is meant by "backdoor". Any 
>> networked device that is capable of remote update by the vendor can 
>> presumably be updated by the vendor to do anything that any device on 
>> your network can do. But this does not imply that anyone else can do 
>> that. Of course it does mean that your security depends on the security 
>> of the vendor, which is an unknown quantity. This is partly why the 
>> few remotely updatable devices that I do own are fire-walled off from 
>> the rest of my internal network.
>>
>> Few networked devices accept incoming connections, for the simple 
>> reason that they're unlikely to get past a gateway router. Most work 
>> by making outgoing connections to the vendor's server. The better 
>> implementations require an authenticated server certificate, which 
>> makes impersonation of the vendor pretty much impossible. Without a 
>> certificate the intending intruder may engage in something like a DNS 
>> cache poisoning attack, but they have become more difficult over the 
>> years.
>>
>> If one is to worry about back-doors, the main vulnerability is the 
>> router itself, and this has indeed been a problem in the past, 
>> especially where the ISP has the ability to update firmware or change 
>> settings, because now one is dependent on the security of the ISP, 
>> which has not always been up to the task.
>>
>> Commercially supplied routers have a bad record of vulnerabilities. I 
>> use a small single board computer as a gateway instead.
>>
>> Sylvia.
>>
> i have nothing to hide so i don't do anything

Not even information that could be used in identity theft?

Sylvia.