Matt Waxes Poetic About Software Security [Was: Re: [SVHMPC] Headset connector query]
dwight at supercomputer.org
dwight at supercomputer.org
Sat Mar 10 05:16:09 CET 2007
Let me just clarify this one point; the other ones I'm generally in agreement
with. And the Hunter S. Thompson quote was superb.
On Friday 09 March 2007 11:17, Matthew S. Hamrick wrote:
> Well... ya' know... the first step might be to not include software
> that turns the AV inputs on remotely.
Heh. Yes, I agree. It seems obvious, but often the obvious is overlooked.
Honestly, I'd swear each new generation of software developers seems to
overlook this stuff, and ends up repeating the mistakes of the past.
But I was referring more to the GSM transceiver chip. I was thinking in terms
of the Lawful Intercept program. If you've ever seen the arm twisting which
goes on to get this stuff included, you'd be suspicious of anything closed.
And with good reason.
Then there are the usual buffer overflows. Honestly, if firewall manufacturers
don't take these seriously, a GSM chip company certainly won't.
In short, I don't trust the transceiver chip to keep the mic and the video
off. Perhaps some LED's on these lines might be useful as well. The software
on the host system at least is defendable. But only if the right hardware
design is used. Otherwise, it's an impossible mission.
-dwight-
>
More information about the community
mailing list