Matt Waxes Poetic About Software Security [Was: Re: [SVHMPC] Headset connector query]

dwight at dwight at
Sat Mar 10 05:16:09 CET 2007

Let me just clarify this one point; the other ones I'm generally in agreement 
with. And the Hunter S. Thompson quote was superb.

On Friday 09 March 2007 11:17, Matthew S. Hamrick wrote:
> Well... ya' know... the first step might be to not include software
> that turns the AV inputs on remotely.

Heh. Yes, I agree. It seems obvious, but often the obvious is overlooked.

Honestly, I'd swear each new generation of software developers seems to 
overlook this stuff, and ends up repeating the mistakes of the past. 

But I was referring more to the GSM transceiver chip. I was thinking in terms 
of the Lawful Intercept program. If you've ever seen the arm twisting which 
goes on to get this stuff included, you'd be suspicious of anything closed. 
And with good reason.

Then there are the usual buffer overflows. Honestly, if firewall manufacturers 
don't take these seriously, a GSM chip company certainly won't.

In short, I don't trust the transceiver chip to keep the mic and the video 
off. Perhaps some LEDs on these lines might be useful as well. The software
on the host system at least is defendable. But only if the right hardware 
design is used. Otherwise, it's an impossible mission.


