Netduino home hardware projects downloads community

Jump to content


The Netduino forums have been replaced by new forums at community.wildernesslabs.co. This site has been preserved for archival purposes only and the ability to make new accounts or posts has been turned off.
Photo

Security


  • Please log in to reply
2 replies to this topic

#1 Charles

Charles

    Advanced Member

  • Members
  • PipPipPip
  • 192 posts

Posted 13 October 2010 - 05:48 AM

In the last day or so, Microsoft released a record number of patches for critical security flaws in Windows. At the same same, worms like Stuxnet have been specifically targeting embedded systems that control utility networks. My concern is that, since Microsoft wrote the framework at the core of the Netduino, what will our security exposure be when running this thing on he Internet?? Are we going to be doomed to update the firmware on our N+'s once a month??

#2 Chris Walker

Chris Walker

    Secret Labs Staff

  • Moderators
  • 7767 posts
  • LocationNew York, NY

Posted 13 October 2010 - 06:13 AM

Hi Charles, In theory the .NET Micro Framework has a much, much smaller surface of attack than a desktop operating system (+ applications) like Windows. Additionally, the networking stack is the open-source lwIP networking stack--which has in theory been fairly well vetted (including the source). Microsoft doesn't issue patches for Windows CE or .NET Micro Framework very often. Chris

#3 Chris Seto

Chris Seto

    Advanced Member

  • Members
  • PipPipPip
  • 405 posts

Posted 13 October 2010 - 06:49 AM

Another potential issue is that a worm woudl need to inject it's own active code into the target to do anything. In order to do that, it would have to reflash the Netduino to have a lasting impact.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

home    hardware    projects    downloads    community    where to buy    contact Copyright © 2016 Wilderness Labs Inc.  |  Legal   |   CC BY-SA
This webpage is licensed under a Creative Commons Attribution-ShareAlike License.