WannaCry [OT]

Mark Waddingham mark at livecode.com
Mon May 15 13:00:24 CEST 2017


On 2017-05-13 19:05, Richmond Mathewson via use-livecode wrote:
> You cannot send a virus to a BBC because the whole system resides on a 
> ROM chip!

Not true - if you have any persistent storage attached to a system (e.g. 
your winchester disk),
and that system interacts with data which comes from outside (via the 
DIMM port) then 'all' an
attacker needs to do is find a vulnerability in the code which executes 
when receiving data
on that port allowing arbitrary code to be executed (which would be 
hidden in the message), and
find a place it can inject itself onto your persistent storage which is 
loaded into memory
and executed and the rest is history...

Of course, the amount of return you'd get on trying to hack such ancient 
setups is probably
zero so you are probably fine.

However, lots of legacy systems still run mission critical 
infrastructure around the globe
so age of systems has nothing to do with vulnerability - as soon as it 
connects to any external
information source whether it be humans, or the internet there is 
potential risk.

For example there was a whole raft of virii on Acorn Archimedes machines 
- usually distributed
via tweaking the boot record of floppy discs to inject malicious code; 
and around the same time
MS had to do something about AutoRun - which was the source of a great 
deal of viral infections
when people handed around USB sticks without thinking.

Warmest Regards,

Mark.

-- 
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps



More information about the use-livecode mailing list