[Info-vax] OpenVMS versus Windows/GE Telemetry Control Systems.
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Wed Jan 16 07:49:54 EST 2013
On 2013-01-15, David Froble <davef at tsoft-inc.com> wrote:
>
> Well, if you're not going to go along with my light-hearted approach,
> then all I'll say on the matter is that people are supposed to know what
> they are doing, or they should not be doing it.
>
> I'm sure there are lots of ways to 'vet' a USB memory stick before using
> it in a secure environment. I'm sure there are many other methods of
> ensuring malware doesn't reach vital systems.
>
And what happens when that USB stick, in addition to declaring itself as
a mass storage device, also decides to declare itself as a HID keyboard
so that it can enter commands? :-)
>
> To me, one of the few things that I can think of is computer systems
> that know how to vet anything fed to them, and do so. Variations on
> that theme might be the "sandbox" approach you seem to favor, software
> that can be set up to accept only certain things and rejects anything
> else, and such. No autorun stuff that can get at the OS. Just specific
> applications for accepting valid data.

You don't need autorun to get at the OS if you are targeting a specific
site and can arrange for your own USB stick to be plugged into a system
on that site.

IOW, you might think to vet files on a mass storage device before
allowing access, but did you also think to vet something which looks
like a keyboard?

Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
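
The question raised above, whether anything vets a "memory stick" that also declares a keyboard, can be answered from the interface descriptors a device reports at enumeration. The following is an added example, not part of the original post: a Python check over raw USB descriptor bytes, where the function names and both sample descriptor sets are constructed for illustration.

```python
# Added example: vet the interfaces a USB device declares, not just its files.
USB_DT_INTERFACE = 0x04
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08

# Constructed sample: configuration descriptor of a storage-only stick.
PLAIN_STICK = bytes.fromhex(
    "090220000101008032" "090400000208065000"
    "07058102000200" "07050202000200")
# Constructed sample: same stick plus a second interface, a HID boot keyboard.
COMPOSITE_STICK = bytes.fromhex(
    "090239000201008032" "090400000208065000"
    "07058102000200" "07050202000200"
    "090401000103010100" "092111010001223f00" "0705830308000a")

def interfaces(blob: bytes):
    """Yield (number, class, subclass, protocol) per interface descriptor."""
    pos = 0
    while pos + 2 <= len(blob):
        length, dtype = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == USB_DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            yield blob[pos + 2], blob[pos + 5], blob[pos + 6], blob[pos + 7]
        pos += length
    if pos != len(blob):
        raise ValueError("trailing bytes after last descriptor")

def vet_memory_stick(blob: bytes) -> list:
    """Return reasons to refuse a device that is supposed to be storage only."""
    reasons, seen_storage = [], False
    for num, cls, sub, proto in interfaces(blob):
        if cls == CLASS_MASS_STORAGE:
            seen_storage = True
        elif cls == CLASS_HID:
            # Subclass 1 / protocol 1 is the HID boot keyboard; other HID
            # interfaces can still send input, so every HID one is refused.
            kind = "boot keyboard" if (sub, proto) == (1, 1) else "device"
            reasons.append(f"interface {num}: HID {kind}")
        else:
            reasons.append(f"interface {num}: unexpected class 0x{cls:02x}")
    if not seen_storage:
        reasons.append("no mass storage interface declared")
    return reasons

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_STICK), ("composite", COMPOSITE_STICK)):
        print(name, vet_memory_stick(blob) or "storage only")
```

Descriptors are self-declared by the device, so a check like this only helps when the host refuses to bind drivers to any interface that fails it.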