These newer algorithms that require specific amounts of RAM and have time variables in them to force the decryption to take time are pretty interesting.
Hmmmm.... I'd be interested to see how that works and, more importantly, how does that impact proper decryption versus a cracking attempt?
6 Digit pass-codes are only a minimalist approach to attempt securing their devices.
It is better than 4 by a long shot and the cries if they forced users to switch from the simple code to alphanumeric would be immense
And there isn't any RDP type access to these devices where that access can be attempted remotely. That's a physical input device with a ten attempt limit. It's far more secure than the same thing on an SSH password, for example. I think that people are thinking of it in terms of different types of security.
Cisco routers in four countries have been discovered to have a SYNful malware variant creating back doors in them
I read about this already, but that neither that article nor the one you linked state clearly how the routers had the malware loaded onto them other than to state they were logged into with default credentials.
I've been wondering about that myself. Was this factory loaded, loaded from a shipping location, at customs, simply through online attacks.... any potential options.
Why is a VPN a security risk? because they give you (generally) full access to the network?
Correct. They create unnecessary exposure. Direct access to all hosts (typically) for all protocols and ports. The protections of firewalls and proxies are bypassed. They are generally the least secure form of access because they are the laziest - just expose everything and hope for the best.
We need to understand where and when it is happening and why it potentially makes sense and if and where potential concerns exist. But that data is being collected itself is not a major concern.
Agreed. I want a list of what they collect & why & how it's used & who can use it. Then I'll quit sharpening my pitchfork and disperse the mob.
Edit: I may settle for less explanation if they get super specific about what they collect.
Of course UEFI comes with its own risks, as we have recently seen, so it is more imperative that you trust your hardware maker when using UEFI. Not that trusting them wasn't always essential, but their toolkits for being naughty have expanded.
