> From: marioxcc...@yandex.com > To: debian-user@lists.debian.org > > On 22/08/17 10:22, Jape Person wrote: >> Hence, why I suspect that they are vulnerable. I bought these things >> because my wife trips over her cables 3 or 4 times a day, and wireless >> ones are just easier to deal with from a workstation logistics standpoint. > > Wireless things do not solve the problem of having to cope with wires. > They just replace this with the bigger problem of unauduitable firmware > directly exposed to the attacker (via radio or sometimes infrared > communication). > > My suggestion is to instead address cabling directly. If your wife trips > because cables are in the floor, then use some wire to coil the excess > length so that it does not hang. If your cables have to go through a > walkway, then pass them through the bottom of the ceiling, so that the > floor will be clear and thus avoid the “tripping hazard”. Use a cable > extension if required. You may need to go to a hardware store to buy a > cable tray or a wall-mountable cable clamp. > >> I"ll look into getting the test suite from Bastille to see if I can >> figure out how to do some testing on these things to see if they look >> vulnerable. Do you really think that this is unauditable? Bastille >> claims to have produced Open Source tools for doing just that. > > If the device firmware is secret, then it is unauduitable. Of course, > this applies to wired keyboards too. The problem is that wireless > keyboards are exposed to possible attackers, while wired keyboards are not. > > I have not heard about Bastille. Apparently they sell a vulnerability > scanner for wireless devices. I can easily be wrong here because I just > took a quick glance at “https://www.bastille.net/product/introduction/”. > > By doing vulnerability scanner, one can only test the device for a > limited set of *known* vulnerabilities (the test suite must know what to > look for). I would not trust any wireless device just because a > vulnerability scanning found nothing on it. Without seeing the firmware > source code, one can not tell if it has vulnerabilities previously unknown. > >> Maybe I"ll just use the wireless keyboards and mice to control TVs. > > Ugh? I did not know that TVs that have any use for keyboard and mice > input existed. I guess it"s just yet another class of devices with > “walled-garden type” proprietary software providing an incountable > number of fancy but completely useless bells and whistles. > > What is next? A toaster that makes a Twitter post when the toasts are ready? > >>> That is why opaque cryptographic systems can not be trusted. This is >>> covered in any practical cryptography book. >> >> Practical cryptography -- isn"t that an oxymoron, for most users at >> least? [...] > I was referring to *books* that address the issues related to > *deploying* cryptographic systems as opposed to theoretical issues or > cryptanalysis (for example, the mathematics of elliptic curve > cryptography, hash constructions “probably secure” based on the random > oracle model, and other details that are not relevant to the end users). > The question of whether cryptography can be practical is a very > different matter. > > I believe that cryptography is already practical. For example, > encrypting e-mail with Enigmail and Thunderbird is very easy. Many > distributions have graphical installers (lay users are allergic to > ncurses-type interfaces) with which an encrypted volume can be set up > easily. Many web sites use TLS transparently to the user, et cetera. > >> In a day when people post their most personal experiences and thoughts >> on Facebook or Twitter for everyone to read [...] > > But about the huge amorphous mass of typical Facebook users, those are a > lost case. The fact that they couldn"t be made to properly secure their > information –even if their despicable lives depended on it– is not a > fault of the cryptography systems. It is a fault of their indolence and > incompetence. Related: > <https://web.archive.org/web/20140329180453/http://eatliver.com/i.php?n=4043>. > > Personally I do not care about “privacy” in the normal sense, because I > do not care about the opinion of people about myself (However, I do care > about *arguments* that I am doing something wrong). However, I care abut > encryption because I do not want to leave through the Internet personal > information that maybe can be used *against* me. > > Regards. > > -- > Do not eat animals, respect them as you respect people. > https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan
Very nice article reming people of the obvious. There is one specific area where mediums mix-match, air and copper that is, and this is a not so recent gadget of using mains/electrical outlets for networking by placing a pair or more dongles on any plugs on the same circuit. Well, electrical circuits are not very isolated from the generator and back through your house. It is just that those little boxes are powered by the current and use the current's medium to transmit a signal. Either with a copy of the same little box or by a sensor around the wire someone can get the ethernet signal and join the conversation. The signla strength drops the further you go, but it is still there, despite of the electrical noise. People tend to think it is just like connecting a wire from your pc to a router or a hub/bridge whatever. In this case it is very likely that your toaster can tweet the results on the network. It is the blender you should worry about :)
