Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Jan 2018 08:26:53 -0500
From:      Aryeh Friedman <>
To:        Dave B <>
Cc:        Daniel Feenberg <>, Ed Maste <>,  FreeBSD Mailing List <>
Subject:   =?UTF-8?Q?Re=3A_32_bit_fix=3F_=28Was_Re=3A_Meltdown_=E2=80=93_Spectre=29?=
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Wed, Jan 10, 2018 at 8:13 AM, Dave B via freebsd-questions <> wrote:

> Hi.
> Many of those appliances are marketed as being able to make your files
> available to you, even when you're not at home.  (Music, photos etc.)
> They come with crude mobile app's (among other things, to monetize the
> user) and the security/authentication varies from so so, to nil.
> (Guess what most users opt for, because "it's difficult" to do it
> securely.)   Remember, we're talking about Joe Public, not a sysadmin!

Even people who *SHOULD* "know better" do stupid things like use default
passwords and disable firewalls, etc.   For example many of the doctors
that my largest client works need to abide by HIPAA (we even given them
advice on how to do this) which among other things has up-to $50k per
patient/per breach fine for the unauthorized release of patient health
information (PHI).  They will then attach these systems to all kinds of
devices that are explicitly not HIPAA compliant (nor make any claim to be)
as well attach them to semi-public systems like on-line appointment booking
and pharmacies (here in NY State for example paper prescriptions are now
illegal, they must be filed electronically).

In short in today's connect world there is no such thing as an completely
isolated/air gaped system.   Even more troublesome is the bad guys *KNOW*
this and target systems that give the user a false sense of security (like
many medical IoT devices do and/or the EMR [electronic medical records])
due to no one reads the fine print of "if we are put in a secure
environment we will not break the security" [aka all bets are off in
unsecured environment].

Aryeh M. Friedman, Lead Developer,

Want to link to this message? Use this URL: <>