On Fri, 22 Sep 2017 05:38:43 +0200, Emanuel Berg wrote:

wrote:

Well, we'll have to differ on this. Everything is updated via the
Internet these days including things like the control software for a
Tesla.

Well, I use the Debian repositories for software and upgrades, and I
suppose that counts as "via the Internet", but unless those archives are
compromised it should be safe.

There are also systems of verification, hashes,
checksums, and such, not that I ever bothered, but there are people who
are more paranoid/careful or have just taken an active interest in
computer security who do that every time.

The most difficult password systems in the world can be broken with
quantum computers. And those things calculate probabilities and not
actualities as a normal computer does.

Brute force attacks, no matter the level of sophistication, still
require that many, many such attempts can be made. It's a big operation
to carry it out from many laps around the world and compile the results
because a fraction of those attempts from a single source or in a short
time-frame should raise a red flag at the admin's HQ.

There is an entire underworld of possible control and a great deal of
it is based on errors introduced by higher level languages.

The only such language specific vulnerability I'm aware of is the so
called seekwell injection. SQL, a domain-specific query language
(relational algebra) used for databases, anyway it prompts the user for
input, like ask for a name, only the user (hacker-cracker) inputs SQL
commands, which the database executes, which worst-case can bring the
system down instantly even with a trivial error (e.g., division by
zero). However scary this might sound, if the database just
quotes/escapes the input - automatically, every time, most likely by a
single line of code - then the system can't be harmed that way.

Are you aware that the Americans cracked the software in the uranium
centrifuges in Iran and was able to make them break down?

The little I know of that is that they had access to very specific
details from the guys who built it - Germans? I don't remember.


There are a shed load of ways to get into computers from outside.
Unpatched vulnerabilities all over the place.

https://metasploit.com/

Deephack AI cracking https://www.youtube.com/watch?v=wCky_QCEzHU
Machine learning. It learns as it goes along... Which is nice.

No matter what language software is written in there will always be
errors. System complexity is so high that there is always going to be
something missed. A small thing with some unexpected consequence which
leads to a bigger thing and so on.

You claim to use Debian so you must be well aware of this small problem
spreading business every time you do "apt-get update to not working".

I sincerely hope you are not in charge of security at Zoho or are lying
about your email address. It's never good for a computer services company
to have their staff running around sounding clueless on the internet.

Anyway to return to a more bike related question. Who is going to be the
first to install Linux on a bike? Things are getting pretty hi-tech now.
--
davethedave