WIRED: A Cisco Router Bug Has Massive Global Implications

coderman coderman at protonmail.com
Tue May 14 13:13:20 PDT 2019

> "The researchers realized that by modifying the part of the bitstream that controlled this kill switch,"
> wait, what? The fpga code wasn't even encrypted?

security through obscurity. same as it ever was!

back in 2001 the Oregon Liquor Control Commission collected business applications made in their office over WiFi (Cisco aironet, no encryption). this included 10 years of business history, bank account information, applicant information, etc. over the air for anyone to grab...

before this, 1999- pre-802.11. manufacturing floors used 1.5Mbps FHSS in ISM band to network barcode reader handheld computers with back-end Oracle ERP integration via root tty on same unix host Oracle ERP application ran on. this meant: anyone with a radio could attach to root shell (replace Oracle ERP app with /bin/sh on VT100 console) and drive financial bells and whistles with full backing of manufacturing accounts. (yes, no authentication, no encryption to root on ERP host orchestrating the entirety of fortune 500 industries!)

these are just my personal two favorites; every hacker has some.

secure until someone looked... a pattern that repeats :)
 [ for fun and profit? ]

More information about the cypherpunks mailing list