Overheard: Why would anyone want to attack the firmware? - Overheard in the tech blogosphere

IT Knowledge Exchange

Register

Forgot Password

Site FAQ

Advertisement

Home > IT Blogs > Overheard in the tech blogosphere > Overheard: Why would anyone want to attack the firmware?

» VIEW ALL POSTS May 21 2008 1:21PM GMT

Overheard: Why would anyone want to attack the firmware?

Posted by: Margaret Rouse

Hardware, Security, embedded systems, Technology, Firmware

The danger with embedded devices is that they are often forgotten. They don’t always get patched or audited, and they can contain application-level vulnerabilities, such as flaws in the remote management interface that leave the door open for an attacker.

Rich Smith as quoted in Permanent Denial-of-Service Attack Sabotages Hardware

We aren’t seeing the PDOS attack as a way to mask another attack, such as malware insertion, but as a logical and highly destructive extension of the DDOS [dedicated denial of service] criminal extortion tactics seen in use today.

So this is about corporate sabatoge? Or criminals wiping out a few routers and extorting money for keeping the rest of the company’s network operational? Wow. Sounds like a good plot for a John Grisham book.

Rich Smith (HP System Security Lab) has even come up with a cool name for the attacks: phlashing. And the fuzzing tool he developedfor either launching an attack or detecting vulnerabilities? PhlashDance.

Comment

RSS Feed

Comment on this Post

You must be logged-in to post a comment. Log-in/Register

Visit Home | News | White Papers | Videos | Resources

Ask an IT Question

About the Blogger

Margaret Rouse

I’m a technical writer and published author. I speak fluent Geek, Biz-speak, SAPanese, VAR and most Vendor dialects. I spend of a lot of my time translating these highly specialized languages into plain English. READ MORE

>> READ MORE ABOUT THE BLOGGERS

Browse This Blog's Tags

Word of the Day

brought to you by Whatis.com

OpenBSD
OpenBSD is a free operating system based upon the Berkeley Software Distribution (BSD) of UNIX developed at the University of California-Berkeley.

mobile marketing
Mobile marketing is promotional activity designed for delivery to cell phones, smart phones and other handheld devices, usually as a component of a mu...READ MORE

micro-botnet
A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specifi...READ MORE

WAN clustering
WAN clustering, also called geoclustering, high-availability clustering or remote clustering, is the use of multiple redundant computing resources loc...READ MORE

Shared Assessments Program
In compliance, the Shared Assessments Program provides organizations with a way to obtain a detailed report about a service provider's controls (peopl...READ MORE

Are you a Know-IT-All?

brought to you by Whatis.com

VoIP security quiz
“The major threats a company faces in using VoIP is that, when improperly implemented, eavesdropping is pretty easy.” Randy Abrams, Th...READ MORE

Nieman Marcus Cookie Recipe
Ingredients 1/2 cup (1 stick) butter, softened 1 cup light brown sugar 3 tablespoons granulated sugar 1 large egg 2 teaspoons vanilla extract 1-3/...READ MORE

Are you a Know-IT-All? phishing kit
Our WhatIs.com Tech Term is phishing kit A phishing kit is a do-it-yourself collection of tools that makes it easy for someone who lacks technica...READ MORE

Are you a Know-IT-All? Ping
Our WhatIs.com Tech Term is ping Ping is an Internet program that allows a user to verify that a particular IP address exists and can accept requ...READ MORE

Know-IT-All Quiz - Facebook
Our WhatIs.com Tech Term is Facebook Facebook is currently the most popular free social networking website. It allows registered users to create ...READ MORE

Blog Roll

Help

Subscribe to Alerts

RSS feed of Overheard in the tech blogosphere

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.

All Rights Reserved, Copyright 1999-2009, TechTarget | Read our Privacy Policy | Site Map

Podcast Powered by podPress (v8.8)