[EAS] EAS D Day-10

[Alex Hartman]

All it takes is someone to trip over the power cord going to the
server hosting "apps.fema.gov" for the whole system to stop working.
Oh, and good work going with DNS... something i can very easily spoof.
SSL Cert you say? A vaild connection will get me the cert key. Dollars
to donuts a strategically placed JTAG on any SAGE or Dasdec will
extract it too. Security through obscurity. Hackers go for "lowest
hanging fruit"... something as stupid as a "Man-in-the-middle" attack
and a poisoned DNS server somewhere can take the whole system down.

I have an honest question for both Sage and Dadec. Did you hire any
hacker agencies to try and break into the system? If not... oops.

--
Alex Hartman

On Wed, Jun 20, 2012 at 9:08 PM, Tom Taggart <tpt at literock93r.com> wrote:
> If the FCC's glorified clerks fan out on July 1st looking
> for all those evil-doers who don't have their toy working
> yet there will be lots of screams.  And (***political
> message coming***) more suggestions that we need to end the
> reign of terror from Washington.
>
> Let's cut the balogna.  This is a very fragile system. I
> have both of my Sage units working with help from Harold
> Price..but I have a feeling that all it would take is a
> replaced router, a sullen switch, or a corrupted cable modem
> to cause future confusion in getting these things to talk to
> the internet. Out here in the real world we don't IT and
> networking experts readily available.  Of course, for those
> folks working with state mental institutions known as the
> public school and university systems, it gets even worse.
>
> The FCC has not helped the process with it's confusion on
> what is or is not approved equipment, and, for that matter,
> what the box will be allowed to do.
>
> _______________________________________________
> This is the EAS Forum Discussion List
>
> Please invite your friends to join our Forum!
> http://lists.radiolists.net/mailman/listinfo/eas
>
> And, remember the main page: http://eas.radiolists.net
>