[Dshield] Embedded Systems Security Best Practices
Kenneth Porter
shiva at sewingwitch.com
Tue Feb 10 07:11:56 GMT 2009
--On Monday, January 19, 2009 10:20 AM -0500 Valdis.Kletnieks at vt.edu wrote:
> That's as it should be. If your embedded system is properly designed,
> the end user shouldn't be able to get a 'login:' prompt.
My Linksys router with custom firmware includes the option to ssh in. This
is handy for some things the web management interface lacks, such as more
detailed firewall and QoS rules. ssh has had vulnerabilities in the past.
So one issue is how to deal with buggy 3rd party stuff. A way to patch
discovered vulnerabilities is a good thing, and that includes the
maintenance machinery to get it done. My TiVo, for example, gets regular
updates as part of its subscription.
More information about the Dshield
mailing list