[148391] in cryptography@c2.net mail archive
Re: [Cryptography] Kindle as crypto hardware
daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Sun Dec 8 20:04:37 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <20131208042541.EE008FC65@a-pb-sasl-quonix.pobox.com>
Date: Sun, 8 Dec 2013 08:36:10 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Bill Stewart <bill.stewart@pobox.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>,
Theodore Ts'o <tytso@mit.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============4504200792344511062==
Content-Type: multipart/alternative; boundary=089e013d1db260f61604ed05f6bb
--089e013d1db260f61604ed05f6bb
Content-Type: text/plain; charset=ISO-8859-1
On Sat, Dec 7, 2013 at 11:18 PM, Bill Stewart <bill.stewart@pobox.com>wrote:
> At 07:10 AM 12/5/2013, you wrote:
>
>> On Wed, Dec 04, 2013 at 06:46:04PM -0800, Bill Stewart wrote:
>> > And don't go buying that NSArrduino
>> > clone board, which has a chip marked "ATmega328" that's actually an
>> > ARM emulation with a radio transmitter.
>>
>> Citation and more detail about this accusation, please?
>>
>
> Sorry, hoped it would be obvious that that was a joke.
>
> Not totally impossible that they could have done such a thing, if they
> actually wanted to,
> because there are a few PDIP-packaged ARM chips, or they're rumored to
> have their own chip fabbing,
> there's plenty of spare horsepower, and the average hobbyist wouldn't
> notice as long as the pinouts were right.
> My real worry about such things is getting the 3.3v part when I'm
> expecting a 5v part.
Actually a very common and real problem in SCADA systems is getting an
unwanted CPU.
For example, many parts come with the option of an Ethernet port. But this
is simply the old design with a serial to ethernet converter added. What
looks like an ethernet port is actually a full CPU with a comprehensive
TCP/IP stack including HTTP and FTP server and an unknown number of
intentional or unintentional vulnerabilities.
I don't think there is any provision for updating the firmware typically.
--
Website: http://hallambaker.com/
--089e013d1db260f61604ed05f6bb
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Sat, Dec 7, 2013 at 11:18 PM, Bill Stewart <span dir=3D"ltr"><=
;<a href=3D"mailto:bill.stewart@pobox.com" target=3D"_blank">bill.stewart@p=
obox.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div class=3D"im">At 07:10 AM 12/5/2013, you=
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
On Wed, Dec 04, 2013 at 06:46:04PM -0800, Bill Stewart wrote:<br>
> And don't go buying that NSArrduino<br>
> clone board, which has a chip marked "ATmega328" that's =
actually an<br>
> ARM emulation with a radio transmitter.<br>
<br>
Citation and more detail about this accusation, please?<br>
</blockquote>
<br></div>
Sorry, hoped it would be obvious that that was a joke.<br>
<br>
Not totally impossible that they could have done such a thing, if they actu=
ally wanted to,<br>
because there are a few PDIP-packaged ARM chips, or they're rumored to =
have their own chip fabbing,<br>
there's plenty of spare horsepower, and the average hobbyist wouldn'=
;t notice as long as the pinouts were right.<br>
My real worry about such things is getting the 3.3v part when I'm expec=
ting a 5v part.</blockquote><div><br></div><div>Actually a very common and =
real problem in SCADA systems is getting an unwanted CPU.</div><div><br>
</div><div>For example, many parts come with the option of an Ethernet port=
. But this is simply the old design with a serial to ethernet converter add=
ed. What looks like an ethernet port is actually a full CPU with a comprehe=
nsive TCP/IP stack including HTTP and FTP server and an unknown number of i=
ntentional or unintentional vulnerabilities.</div>
<div><br></div><div>I don't think there is any provision for updating t=
he firmware typically.</div></div><div><br></div>-- <br>Website: <a href=3D=
"http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>
--089e013d1db260f61604ed05f6bb--
--===============4504200792344511062==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============4504200792344511062==--
