Comments on: Are Your Digital Devices Certified Pre-0wned? http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/ Application security testing, analysis, and metrics Thu, 09 Feb 2012 11:59:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Ma petite parcelle d'Internet... http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/comment-page-1/#comment-902 Ma petite parcelle d'Internet... Mon, 07 Apr 2008 09:29:36 +0000 http://www.veracode.com/blog/?p=82#comment-902 <strong>Source Boston 2008...</strong> J'ai de nouveau du temps à consacrer à ces lignes, et en particulier à un rapide compte-rendu de la conférence Source Boston qui, comme je vous l'ai dit plus tôt, était excellente. Comme son nom ne l'indique pas, la conférence ne se déroulai... Source Boston 2008…

J’ai de nouveau du temps à consacrer à ces lignes, et en particulier à un rapide compte-rendu de la conférence Source Boston qui, comme je vous l’ai dit plus tôt, était excellente. Comme son nom ne l’indique pas, la conférence ne se déroulai…

]]> By: LonerVamp http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/comment-page-1/#comment-885 LonerVamp Fri, 21 Mar 2008 20:45:10 +0000 http://www.veracode.com/blog/?p=82#comment-885 I'm surprised you consider this something that scares you the most. I mean, I could maybe worry just as much about getting bad beef in my own country, having a tracker in my Japanese-made car, or an embedded hardware keylogger in the keyboard made somewhere mysterious. You have a point in saying malware just touching everything and everyone way too much; network shares and passed-around devices pick up malware like fresh dung picks up flies. This might be more a problem with a porous OS or terrible detection/cleaning technologies. Or even perhaps poor risk management by people and companies to implement proper paranoia and prevention/detection measures to stem this tide. Good post! :) I’m surprised you consider this something that scares you the most. I mean, I could maybe worry just as much about getting bad beef in my own country, having a tracker in my Japanese-made car, or an embedded hardware keylogger in the keyboard made somewhere mysterious.

You have a point in saying malware just touching everything and everyone way too much; network shares and passed-around devices pick up malware like fresh dung picks up flies. This might be more a problem with a porous OS or terrible detection/cleaning technologies. Or even perhaps poor risk management by people and companies to implement proper paranoia and prevention/detection measures to stem this tide.

Good post! :)

]]> By: Apneet Jolly http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/comment-page-1/#comment-884 Apneet Jolly Fri, 21 Mar 2008 16:18:58 +0000 http://www.veracode.com/blog/?p=82#comment-884 This is one reason I wish usb drives with read/write switches were more common. It seems like they used to be everywhere, but are now no where to be found. SourceBoston was great btw. This is one reason I wish usb drives with read/write switches were more common. It seems like they used to be everywhere, but are now no where to be found.

SourceBoston was great btw.

]]> By: Tyler Shields http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/comment-page-1/#comment-883 Tyler Shields Fri, 21 Mar 2008 16:10:09 +0000 http://www.veracode.com/blog/?p=82#comment-883 Very scary stuff indeed. I recently posted on my blog about counterfeit routing hardware, namely Cisco gear, making it's way around through resellers and auction sites. The government is rightly concerned. If our routing infrastructure is seeing issues similar to the ones that you mentioned about, we are in deep trouble. http://www.donkeyonawaffle.org/index.py/infosec/counterfits Very scary stuff indeed. I recently posted on my blog about counterfeit routing hardware, namely Cisco gear, making it’s way around through resellers and auction sites. The government is rightly concerned. If our routing infrastructure is seeing issues similar to the ones that you mentioned about, we are in deep trouble.

http://www.donkeyonawaffle.org/index.py/infosec/counterfits

]]> By: MIchael Fitzgerald http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/comment-page-1/#comment-882 MIchael Fitzgerald Thu, 20 Mar 2008 16:27:15 +0000 http://www.veracode.com/blog/?p=82#comment-882 Chris, Thanks for this great, informative post. I was going to circle back with you on the source for pre-0wned picture frames. I was hoping it was hypothetical. Oh well... Mike Chris,

Thanks for this great, informative post. I was going to circle back with you on the source for pre-0wned picture frames. I was hoping it was hypothetical. Oh well…

Mike

]]> By: John http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/comment-page-1/#comment-881 John Tue, 18 Mar 2008 12:41:17 +0000 http://www.veracode.com/blog/?p=82#comment-881 How about having a policy that only allows the reading of data from such media if it was encrypted with the company key (and of course only allow writing encrypted data). Only the ones allowed to read plain data would be able to get infected/attacked/backdoored whatever, and those people need to be more aware than others, like security officers... How about having a policy that only allows the reading of data from such media if it was encrypted with the company key (and of course only allow writing encrypted data).

Only the ones allowed to read plain data would be able to get infected/attacked/backdoored whatever, and those people need to be more aware than others, like security officers…

]]> By: CG http://www.veracode.com/blog/2008/03/are-your-digital-devices-certified-pre-0wned/comment-page-1/#comment-880 CG Tue, 18 Mar 2008 00:02:09 +0000 http://www.veracode.com/blog/?p=82#comment-880 that's it, i'm powering down...forever... very cool post Chris that’s it, i’m powering down…forever…

very cool post Chris

]]>