In the last day or so, Microsoft released a record number of patches for critical security flaws in Windows.
At the same same, worms like Stuxnet have been specifically targeting embedded systems that control utility networks.
My concern is that, since Microsoft wrote the framework at the core of the Netduino, what will our security exposure be when running this thing on he Internet??
Are we going to be doomed to update the firmware on our N+'s once a month??
Security
Started by Charles, Oct 13 2010 05:48 AM
2 replies to this topic
#1
Posted 13 October 2010 - 05:48 AM
#2
Posted 13 October 2010 - 06:13 AM
Hi Charles,
In theory the .NET Micro Framework has a much, much smaller surface of attack than a desktop operating system (+ applications) like Windows. Additionally, the networking stack is the open-source lwIP networking stack--which has in theory been fairly well vetted (including the source). Microsoft doesn't issue patches for Windows CE or .NET Micro Framework very often.
Chris
#3
Posted 13 October 2010 - 06:49 AM
Another potential issue is that a worm woudl need to inject it's own active code into the target to do anything. In order to do that, it would have to reflash the Netduino to have a lasting impact.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users