Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Insidious creep
Date: Mon, 11 Mar 2024 22:13:15 -0700
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <usoo9e$48ti$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 12 Mar 2024 05:13:19 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="cd61f5e18330181594e65cc325aef3d5";
	logging-data="140210"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18ghw+YHG6yZLddLSGRR9VM"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Cancel-Lock: sha1:DqjIzTNThk5b4gafZmH587plSX8=
Content-Language: en-US
Bytes: 1753

Wow, it sure looks like EVERYONE wants a chance to sit
inside your firewall!

Rescued another UPS, today.  It pitches a remote service
that they want you to sign up for -- free updates,
remote power monitoring, etc.

Of course, to do so, you've got to let it talk to the
outside world.

And, now you've got a pwnplug that can be controlled from
that outside world!

Of course, any previous UPS with a NIC could snoop your
internal traffic.  But, an SysAdm worth his salt would
block said device(s) from outgoing traffic.

OTOH, if the vendor cons^Hvinces you to willingly open
that door...

It's sure gonna be fun when some actor decides to really
take down our infrastructure -- by pwning those vendors
and all of the kit that they control!  <frown>