From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Re: German state gov. dicthing Windows for Linux, 30k workers migrating.
Date: Tue, 9 Apr 2024 11:13:41 -0700
Organization: A noiseless patient Spider
Message-ID: <uv40gs$cgom$3@dont-email.me>
In-Reply-To: <uv40e8$cgom$2@dont-email.me>

On 4/9/2024 11:12 AM, Don Y wrote:
> On 4/8/2024 8:53 AM, Don Y wrote:
>> You also would be surprised at how much information "leaks" from naive
>> encoding strategies.  E.g., if you know (or suspect) the format of the
>> content, you can often deduce the coding algorithm.
>
> This is my all-time favorite -- laughable -- take on "security":
>
> <https://community.hpe.com/hpeb/attachments/hpeb/hpsc-46/6970/1/UserGuide.pdf>
>
> This is (was) *sold* as "Secure Web Console".
>
> By a "reputable" company with very deep pockets!
>
> The product idea was excellent!  Provide a means of accessing the
> serial console on a remote computer over the internet.  So, you could
> troubleshoot boot problems and other issues in cases where the
> server/host in question hadn't yet booted *or* had lost IP connectivity.
>
> Essentially, you build a one-port terminal server and glue a web server
> on the outfacing side.  An administrator can then access the web server
> (from any web client) and have his keystrokes passed through to the
> attached serial console and the output from said console painted into
> his web browser's display.
>
> Easy peasy!
>
> But, the data stream is naively "encrypted" with a simple substitution cipher.
> The cipher is stateless so characters can be decoded without regard for where
> in the data stream they are encountered.  (i.e., a packet sniffer's paradise).
>
> And, the decode operation is:
>     chat cleartext = crypttext ^ 0x37;

Grrrr...  s/chat/char/

> Seriously?  What *idiot* thought to put "Secure" in the product's title???
>
> ("I locked my front door -- and put the key under the mat so I would
> always know where I had left it...")
>
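
Added example, not part of the original post or of the product's code: the decode operation quoted above applied to a buffer, plus a check showing that one guess about the content is enough to identify the constant, which is why a stateless single-byte XOR gives no confidentiality. The names `xor_buf`, `recover_key`, `demo_recovered_key` and `SAMPLE` are hypothetical, and the sample console text is constructed; only the constant 0x37 comes from the post.

```c
#include <stdio.h>
#include <string.h>

/* Constant from the decode operation quoted in the post. */
#define POST_KEY 0x37

/* Stateless single-byte XOR: the same call encodes and decodes, and each
 * byte is handled independently of its position in the stream. */
static void xor_buf(const unsigned char *in, size_t n, unsigned char key,
                    unsigned char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key;
}

/* Try all 256 constants and return the one whose output contains the
 * expected text (crib), or -1 if none does. The crib is an assumption
 * about the content, e.g. a prompt a serial console normally prints. */
static int recover_key(const unsigned char *ct, size_t n, const char *crib)
{
    unsigned char pt[256];
    size_t clen = strlen(crib);

    if (n > sizeof pt || clen == 0 || clen > n)
        return -1;
    for (int k = 0; k < 256; k++) {
        xor_buf(ct, n, (unsigned char)k, pt);
        for (size_t i = 0; i + clen <= n; i++)
            if (memcmp(pt + i, crib, clen) == 0)
                return k;
    }
    return -1;
}

/* Constructed sample: console text encoded the way the post describes. */
static const char SAMPLE[] = "\r\nlogin: operator\r\nPassword: \r\n";

static int demo_recovered_key(void)
{
    unsigned char ct[sizeof SAMPLE - 1];
    xor_buf((const unsigned char *)SAMPLE, sizeof ct, POST_KEY, ct);
    return recover_key(ct, sizeof ct, "login: ");
}

int main(void)
{
    printf("recovered constant: 0x%02x\n", demo_recovered_key());
    return 0;
}
```

A remote console needs an authenticated, keyed transport such as TLS or SSH; no choice of fixed constant changes the result above.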