This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-wg] serious vulnerabilities FreeRTOS
- Previous message (by thread): [iot-wg] serious vulnerabilities FreeRTOS
- Next message (by thread): [iot-wg] serious vulnerabilities FreeRTOS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Töma Gavrichenkov
ximaera at gmail.com
Tue Oct 23 03:04:33 CEST 2018
On Mon, Oct 22, 2018 at 9:40 PM Jim Reid <jim at rfc1035.com> wrote: > The vulnerabilities are apparently in the TCP/IP stack. How is this possible? Rock-solid public domain TCP/IP code has been around since BSD4.4 20+ years ago. Or even earlier. Why would someone shun that, write their own code and do it badly? Sometimes the publicly available TCP handling code might seem to be too slow and bloated for an embedded software. Embedded developers are used to get rid of the security checks they believe are unnecessary, because it reduces both computational time and memory footprint. I actually have a device almost at my disposal which implements its own TCP driver in the most effective and braindead way. I'm going to check against my NDA if I can share the details, but, spoiler, you'll be shocked of what it does with plain old poor TCP. | Töma Gavrichenkov | gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191 | mailto: ximaera at gmail.com | fb: ximaera | telegram: xima_era | skype: xima_era | tel. no: +7 916 515 49 58
- Previous message (by thread): [iot-wg] serious vulnerabilities FreeRTOS
- Next message (by thread): [iot-wg] serious vulnerabilities FreeRTOS
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ iot-wg Archives ]