From: Aryeh Friedman
Date: Wed, 10 Jan 2018 08:26:53 -0500
Subject: Re: 32 bit fix? (Was Re: Meltdown – Spectre)
To: Dave B
Cc: Daniel Feenberg, Ed Maste, FreeBSD Mailing List

On Wed, Jan 10, 2018 at 8:13 AM, Dave B via freebsd-questions <freebsd-questions@freebsd.org> wrote:

> Hi.
>
> Many of those appliances are marketed as being able to make your files
> available to you, even when you're not at home. (Music, photos etc.)
> They come with crude mobile apps (among other things, to monetize the
> user) and the security/authentication varies from so-so, to nil.
> (Guess what most users opt for, because "it's difficult" to do it
> securely.) Remember, we're talking about Joe Public, not a sysadmin!
>

Even people who *SHOULD* "know better" do stupid things like use default passwords and disable firewalls, etc.
For example, many of the doctors that my largest client works with need to abide by HIPAA (we even give them advice on how to do this), which among other things has an up to $50k per patient/per breach fine for the unauthorized release of patient health information (PHI). They will then attach these systems to all kinds of devices that are explicitly not HIPAA compliant (nor make any claim to be), as well as attach them to semi-public systems like on-line appointment booking and pharmacies (here in NY State, for example, paper prescriptions are now illegal; they must be filed electronically). In short, in today's connected world there is no such thing as a completely isolated/air-gapped system. Even more troublesome is that the bad guys *KNOW* this and target systems that give the user a false sense of security (like many medical IoT devices do and/or the EMR [electronic medical records]) because no one reads the fine print of "if we are put in a secure environment we will not break the security" [aka all bets are off in an unsecured environment].

--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org