WIRED: A Cisco Router Bug Has Massive Global Implication

Tue May 14 13:19:55 PDT 2019

Was ROT-13 invented when they discovered that ROT-12 had a weakness ??      vbg
            Jim Bell 

  On Tue, May 14, 2019 at 13:13, coderman<coderman at protonmail.com> wrote:   
> "The researchers realized that by modifying the part of the bitstream that controlled this kill switch,"
>
> wait, what? The fpga code wasn't even encrypted?

security through obscurity. same as it ever was!

back in 2001 the Oregon Liquor Control Commission collected business applications made in their office over WiFi (Cisco aironet, no encryption). this included 10 years of business history, bank account information, applicant information, etc. over the air for anyone to grab...

before this, 1999- pre-802.11. manufacturing floors used 1.5Mbps FHSS in ISM band to network barcode reader handheld computers with back-end Oracle ERP integration via root tty on same unix host Oracle ERP application ran on. this meant: anyone with a radio could attach to root shell (replace Oracle ERP app with /bin/sh on VT100 console) and drive financial bells and whistles with full backing of manufacturing accounts. (yes, no authentication, no encryption to root on ERP host orchestrating the entirety of fortune 500 industries!)

these are just my personal two favorites; every hacker has some.

secure until someone looked... a pattern that repeats :)
 [ for fun and profit? ]  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2163 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20190514/4c537a37/attachment.txt>