Word of the Day: Tech Definitions from WhatIs.com

May 21 2008   1:21PM GMT

Overheard: Why would anyone want to attack the firmware?

Margaret Rouse Margaret Rouse Profile: Margaret Rouse

dept_justice.jpg The danger with embedded devices is that they are often forgotten. They don’t always get patched or audited, and they can contain application-level vulnerabilities, such as flaws in the remote management interface that leave the door open for an attacker.

Rich Smith as quoted in Permanent Denial-of-Service Attack Sabotages Hardware

We aren’t seeing the PDOS attack as a way to mask another attack, such as malware insertion, but as a logical and highly destructive extension of the DDOS [dedicated denial of service] criminal extortion tactics seen in use today.

So this is about corporate sabatoge? Or criminals wiping out a few routers and extorting money for keeping the rest of the company’s network operational? Wow.  Sounds like a good plot for a John Grisham book. 

Rich Smith (HP System Security Lab)  has even come up with a cool name for the attacks: phlashing.  And the fuzzing tool he developedfor either launching an attack or detecting vulnerabilities? PhlashDance. 

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: