misunderstanding scale (was: Ipv4 end, its fake.)

Nick Hilliard nick at foobar.org
Sun Mar 23 20:23:06 UTC 2014


On 23/03/2014 18:39, Mark Andrews wrote:
> As for printers directly reachable from anywhere, why not.

because in practice it's an astonishingly stupid idea.  Here's why:

chargen / other small services
ssh
www
buffer overflows
open smtp relays
weak, default or non-existent passwords
information leakage from non-protected services

and so forth.

Nothing wrong with global reachability, don't get me wrong - and if I
thought for a pico-second that printers or any other connectible device
took even the most basic steps at handling security fundamentals, I might
even be ok about the idea.

But they don't: printer drivers and interface firmware are written by
people whose only ability is relaying eps and pcl files from one socket to
another and pumping their code full of rage-inducing bloatware, the only
purpose of which is to serve the blind whims of idiotic product managers
who derive a sadistic satisfaction from ensuring that their products
interfere as much as humanly possible with the process of committing ink
and toner to paper.  Security management doesn't even get a look in.

12 months after market debut, printer firmware updates cease forever for
that particular model, and the inevitable result is a line-rate bot spewing
obnoxious crap until the day that the device is thrown on to the scrap heap
that it deserved when it was first unpacked.

Exactly the same principle applies to pretty much any consumer device,
although I admit that printers are worse offenders than most.

We can all agree that what's needed here is full consumer choice and the
ability to address things globally, should one desire to do so.  In
practice, default deny is a more sensible approach to handling the reality of
connecting devices to a public network.

Nick
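As an added illustration of the "default deny" position above (example code, not part of the original post or the NANOG thread), here is a small POSIX shell script that generates and optionally loads an nftables ruleset for a router sitting in front of a printer. The printer keeps its globally routable IPv6 address, but only the print ports (LPD 515, IPP 631, raw 9100) are forwarded to it, and only from the local prefix; chargen, ssh, www, smtp and anything else it exposes are unreachable from outside. The addresses and prefixes are placeholders from the documentation ranges, and the table name `printer_guard` is assumed.

```shell
#!/bin/sh
# Hypothetical addressing (RFC 5737 / RFC 3849 documentation ranges).
PRINTER_V4="192.0.2.20"
PRINTER_V6="2001:db8:1::20"
LAN_V4="192.0.2.0/24"
LAN_V6="2001:db8:1::/64"

# Emit a forward-chain ruleset whose default policy is drop: nothing reaches
# the printer unless a rule explicitly allows it. ICMP/ICMPv6 are accepted
# because IPv6 path MTU discovery breaks silently without packet-too-big.
printer_ruleset() {
  cat <<EOF
table inet printer_guard {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state invalid drop
    ct state established,related accept
    meta l4proto { icmp, icmpv6 } accept
    ip  saddr $LAN_V4 ip  daddr $PRINTER_V4 tcp dport { 515, 631, 9100 } accept
    ip6 saddr $LAN_V6 ip6 daddr $PRINTER_V6 tcp dport { 515, 631, 9100 } accept
  }
}
EOF
}

# Return 0 when the generated ruleset still expresses default deny and only
# the three print ports, so a later edit cannot quietly widen exposure.
ruleset_is_default_deny() {
  rs=$(printer_ruleset)
  echo "$rs" | grep -q 'policy drop;' || return 1
  echo "$rs" | grep -q 'dport { 515, 631, 9100 }' || return 1
  echo "$rs" | grep -q 'policy accept' && return 1
  return 0
}

# Load the ruleset only if nft is present and the sanity check passes.
apply_ruleset() {
  command -v nft >/dev/null 2>&1 || { echo "nft not installed" >&2; return 2; }
  ruleset_is_default_deny || { echo "refusing: ruleset is not default deny" >&2; return 1; }
  printer_ruleset | nft -f -
}
```

Run `apply_ruleset` as root on the router; `printer_ruleset` alone prints the ruleset for review without touching the firewall.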

More information about the NANOG mailing list