Hmmm. All of the ones I've set up have been on 192.168.x.x, and most of those aren't even on subnets that connect to the wider internet. Usually something wants NMEA 0183 wrapped in UDP or it only speaks NMEA over UDP and I need to get it as serial.
and you are not sophisticated enough to recognise it as spam.
makes you look gullible.
We use the Lantronix Xport ethernet-to-serial gadgets in several of our products; it's PCB mounted and the size of an RG45+magnetics thing. You can password protect them, but we usually don't. The ones that we use support only one session at a time. If one of these is set up to be accessed from the outside world, tunneled in through a router, anybody can get in. And apparently someone can open a session, lose interest, and maybe leave the connection open for bad guys.
Cool.
--
John Larkin Highland Technology, Inc
jlarkin at highlandtechnology dot com
http://www.highlandtechnology.com
Precision electronic instrumentation
Picosecond-resolution Digital Delay and Pulse generators
Custom laser drivers and controllers
Photonics and fiberoptic TTL data links
VME thermocouple, LVDT, synchro acquisition and simulation
and you are not sophisticated enough to recognise it as spam.
makes you look gullible.
I can't be rude about John Larkin posting yet more nonsense if I haven't had a look at it to make sure that it's nonsense.
Even John Larkin could post non-nonsense. The fact that he can't tell shit from shinola doesn't prevent him from finding shinola from time to time. This should be obvious, but I'm spelling it out just for you.
The article is not just BS. I worked on retrofitting a system that connected, well let's call them "sensors", via serial lines. The sensors were in public environments. The units were connected to a terminal server that would reverse telnet back to a host and send ASCII "packets". However, you could escape out to the telnet prompt and, if you knew what you were doing, try and connect to other hosts on whatever network the terminal server might be on. The system would eventually signal an alarm that the sensor was not sending data but there was a nice window of vulnerability.
Sys Admins can be somewhat sloppy when they "think" their boxes are living on a protected network segment.
Some really smart, really bad guys could build a huge database of unprotected things - refineries, power utilities, traffic lights, roller coasters, all sorts of facilities - and build a botnet to attack all of them at once. The attack on the Iranian centrifuges was like that, Internet into PLCs, probably through a serial link adapter of some sort.
We have an earthquake kit for situations like this.
--
John Larkin Highland Technology Inc
www.highlandtechnology.com jlarkin at highlandtechnology dot com
On Tue, 30 Apr 2013 09:42:52 -0700, John Larkin wrote: [snip]
It does not take really smart people. In a recent security newsletter they pointed out that 60% of people that find a random USB stick in the parking lot will plug it into their work computer to look at what is on it. Put the company logo on the USB drive and the number goes up to 90%.
How many of you will pick up a USB drive at a trade show and just plug it in and use it? Hopefully that number is zero but that is wishful thinking....
The real fools, of course, were those who designed an OS that automatically loads and executes random bits of code coming from such a support. That's either incredibly stupid or very devious, I'm not sure which. There's a saying to not attribute to malice what can be adequately explained by plain stupidity. Mmmmh.
I've read that there are many, maybe millions of online webcams that still have the default login passwords and stuff.
--
John Larkin Highland Technology, Inc
jlarkin at highlandtechnology dot com
http://www.highlandtechnology.com
I believe that it is only autorun for USB drives that is turned off by default; CD-ROMs will still autorun, and some USB drives pretend to be CD-ROMs so they also autorun.
There shouldn't *be* an auto-run! If you want to run something from a portable support, fine, but it should be a conscious decision, not an automated trap!
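An added example, not part of any post in this thread: a PowerShell audit of the per-drive-type AutoRun policy, showing which drive types (CD-ROM included) would still autorun, with a function that disables it for all of them. It assumes the OS under discussion is Windows and uses the `NoDriveTypeAutoRun` policy value; the function names are hypothetical.

```powershell
# Added example. In NoDriveTypeAutoRun a SET bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'     = 0x01
    'No root dir' = 0x02
    'Removable'   = 0x04
    'Fixed'       = 0x08
    'Network'     = 0x10
    'CD-ROM'      = 0x20   # also covers USB sticks that present a virtual CD-ROM
    'RAM disk'    = 0x40
}
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # Drive types whose disable bit is clear, i.e. AutoRun is still allowed.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

function Test-AutoRunPolicy {
    foreach ($key in $PolicyKeys) {
        $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # No policy value: the OS built-in default applies, so flag it for review.
            [pscustomobject]@{ Key = $key; Mask = 'not set'; StillAutoRuns = 'OS default' }
            continue
        }
        $mask = [int]$prop.NoDriveTypeAutoRun
        [pscustomobject]@{
            Key           = $key
            Mask          = '0x{0:X2}' -f $mask
            StillAutoRuns = (Get-AutoRunEnabledTypes -Mask $mask) -join ', '
        }
    }
}

function Set-AutoRunDisabled {
    # 0xFF sets every bit, so no drive type autoruns, emulated CD-ROMs included.
    $key = $PolicyKeys[0]
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
}

Test-AutoRunPolicy | Format-Table -AutoSize
# Set-AutoRunDisabled   # uncomment and run from an elevated prompt to apply
```

A mask with bit `0x20` clear is the case described above: removable drives are blocked, but anything that enumerates as a CD-ROM still autoruns.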