On 07.09.17 13:32, Adam Borowski wrote: > On Thu, Sep 07, 2017 at 09:17:20PM +1000, Erik Christiansen wrote: > > If our hosts cannot be trusted not to phone home to folk wearing dark > > glasses, then would it not suffice to employ a simple embedded host with > > a small die, such as an ARM, e.g. Beaglebone Black, as a firewall? > > It's not hard to trigger a backdoor using a higher level protocol, from > Javascript, etc.
But no-one who is awake would enable java or any of that stuff on a firewall. Back doors on the LAN can't phone home through a minimal-silicon RISC embedded firewall which is just too small to contain any secondary CPU. It just needs to run a minimal kernel with packet routing capability. Everything else is a door into vacuum. Erik _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
