From: marioxcc.MT@yandex.com
To: debian-user@lists.debian.org
On 22/08/17 10:22, Jape Person wrote:
> Hence, why I suspect that they are vulnerable. I bought these things
> because my wife trips over her cables 3 or 4 times a day, and wireless
> ones are just easier to deal with from a workstation logistics standpoint.
Wireless things do not solve the problem of having to cope with wires.
They just replace this with the bigger problem of unauditable firmware
directly exposed to the attacker (via radio or sometimes infrared
communication).
My suggestion is to instead address cabling directly. If your wife trips
because cables are in the floor, then use some wire to coil the excess
length so that it does not hang. If your cables have to go through a
walkway, then pass them through the bottom of the ceiling, so that the
floor will be clear and thus avoid the “tripping hazard”. Use a cable
extension if required. You may need to go to a hardware store to buy a
cable tray or a wall-mountable cable clamp.
> I'll look into getting the test suite from Bastille to see if I can
> figure out how to do some testing on these things to see if they look
> vulnerable. Do you really think that this is unauditable? Bastille
> claims to have produced Open Source tools for doing just that.
If the device firmware is secret, then it is unauditable. Of course,
this applies to wired keyboards too. The problem is that wireless
keyboards are exposed to possible attackers, while wired keyboards are not.
I have not heard about Bastille. Apparently they sell a vulnerability
scanner for wireless devices. I can easily be wrong here because I just
took a quick glance at “https://www.bastille.net/product/introduction/”.
By doing vulnerability scanning, one can only test the device for a
limited set of *known* vulnerabilities (the test suite must know what to
look for). I would not trust any wireless device just because a
vulnerability scanning found nothing on it. Without seeing the firmware
source code, one can not tell if it has vulnerabilities previously unknown.
> Maybe I'll just use the wireless keyboards and mice to control TVs.
Ugh? I did not know that TVs that have any use for keyboard and mice
input existed. I guess it's just yet another class of devices with
“walled-garden type” proprietary software providing an uncountable
number of fancy but completely useless bells and whistles.
What is next? A toaster that makes a Twitter post when the toasts are ready?
>> That is why opaque cryptographic systems can not be trusted. This is
>> covered in any practical cryptography book.
>
> Practical cryptography -- isn't that an oxymoron, for most users at
> least? [...]
I was referring to *books* that address the issues related to
*deploying* cryptographic systems as opposed to theoretical issues or
cryptanalysis (for example, the mathematics of elliptic curve
cryptography, hash constructions “probably secure” based on the random
oracle model, and other details that are not relevant to the end users).
The question of whether cryptography can be practical is a very
different matter.
I believe that cryptography is already practical. For example,
encrypting e-mail with Enigmail and Thunderbird is very easy. Many
distributions have graphical installers (lay users are allergic to
ncurses-type interfaces) with which an encrypted volume can be set up
easily. Many web sites use TLS transparently to the user, et cetera.
> In a day when people post their most personal experiences and thoughts
> on Facebook or Twitter for everyone to read [...]
But about the huge amorphous mass of typical Facebook users, those are a
lost case. The fact that they couldn't be made to properly secure their
information –even if their despicable lives depended on it– is not a
fault of the cryptography systems. It is a fault of their indolence and
incompetence. Related:
<https://web.archive.org/web/20140329180453/http://eatliver.com/i.php?n=4043>.
Personally I do not care about “privacy” in the normal sense, because I
do not care about the opinion of people about myself (However, I do care
about *arguments* that I am doing something wrong). However, I care about
encryption because I do not want to leave through the Internet personal
information that maybe can be used *against* me.
Regards.
--
Do not eat animals, respect them as you respect people.
Very nice article reminding people of the obvious. There is one specific area where mediums mix-match,
air and copper that is, and this is a not so recent gadget of using mains/electrical outlets for networking
by placing a pair or more dongles on any plugs on the same circuit.
Well, electrical circuits are not very isolated from the generator and back through your house. It is just
that those little boxes are powered by the current and use the current's medium to transmit a signal.
Either with a copy of the same little box or by a sensor around the wire someone can get the ethernet
signal and join the conversation. The signal strength drops the further you go, but it is still there, despite
the electrical noise. People tend to think it is just like connecting a wire from your pc to a router or
a hub/bridge whatever.
In this case it is very likely that your toaster can tweet the results on the network. It is the blender you