Tag Archives: legacy

Risk Managing Residual Old-School Devices

I’ve encountered this risk discussed in this Forbes article more than once when taking over an organization and doing an initial information risk assessment. ¬†People tend to forget that these embedded devices can have simple or full fledged Linux distributions (or other OS) in the firmware. ¬†Also, the default ports that were left open can be eye opening.

An image from H.D. Moore's presentation on serial server security vulnerabilities, showing an oil and gas infrastructure setup networked with serial port connections. (via Forbes.com)

An image from H.D. Moore’s presentation on serial server security vulnerabilities, showing an oil and gas infrastructure setup networked with serial port connections. (via Forbes.com)

Researcher’s Serial Port Scans Find More Than 100,000 Hackable Devices, Including Traffic Lights And Fuel Pumps