Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 02-14-2013, 10:44 AM   #1
knc1
Embedded Cheerleader
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 6,209
Karma: 5830430
Join Date: Feb 2012
Device: Too many.
[VaporWare] adding PSAD to Kindles

I added the [VaporWare] tag to the title before someone else raised the point.

The BBB (Block Big Brother) firewall is the predecessor of a more sophisticated firewall for protecting the Kindles from network intrusions.

The BBB firewall may be all that the majority of users need and/or want.
But for others - the future will be kWall (Kindle Firewall), which (**should**) share the BBB firewall structure.

The question to be discussed in this thread, is if an automatic, dynamic, intrusion detection system should be included with either of the firewalls (BBB or kWall) for the Kindles.

The PSAD (Port Scan Attack Detector) is described here:
http://cipherdyne.org/psad/

(And since I worked on that project in its early days, this is not as much 'vaporware' as it might at first seem.)
knc1 is offline   Reply With Quote
Old 02-14-2013, 10:57 AM   #2
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.
 
twobob's Avatar
 
Posts: 6,552
Karma: 6021142
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
"You must spread some Reputation around before giving it to knc1 again."

Unless I do it myself.

Assumption: Safety > inconvenience

Likely end user inconvenience: minimal to none.

PSAD space additions
Initial setup efforts
any usage learning curve or maintenance requirements
additional space overheads

This pathetically inconsequential list would comprise the only inconveniences I can think of at present, no doubt a troll could bring more food.

Compared to that let's consider the
Advantages:

Although PSAD may be a corner case for the average "live on the bookshelf/bedside" Kindle, there will be those who need this and don't know it or need this and don't have it.

In all three cases I see no ACTUAL downside. Other than the "I don't think I need it" people seeing it as wasted time. Well... Horse to water and all that.

Conclusion:

Thus I would utterly recommend ANY well thought-through piece of intrusion detection/prevention and or "security enhancement" software/configuration from a long-time track-record proven industry professional.

It's a no-brainer.

Solid thoughts and work! Shiny things abound!
twobob is offline   Reply With Quote
 
Enthusiast
Old 02-14-2013, 11:14 AM   #3
knc1
Embedded Cheerleader
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 6,209
Karma: 5830430
Join Date: Feb 2012
Device: Too many.
At the moment, Kindles have a "closed door" policy towards NEW, incoming packets.
But as soon as we start changing that by allowing incoming service connections - -
Then the world will start trying to take advantage of that 'hole' in the firewall.

So I know I am preaching to the choir in the case of anyone who has run a computer service on the 'net.
But for those other folks, who don't know that they need it . . . .

For those who only have e-books on their Kindle, they might not mind if the world borrows a copy.
But for those who have PRIVATE information on their Kindle, this is a serious consideration.
knc1 is offline   Reply With Quote
Old 02-14-2013, 12:20 PM   #4
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.
 
twobob's Avatar
 
Posts: 6,552
Karma: 6021142
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
TBH for the VAST majority of people. That "closed door" is a Good Thing™.

Since the proxy protects the 3g and a home router generally at least prevents casual browsing of the average open port DMZ side again - in the main - people are inherently protected, by their own design or that of prescient "others" involved in the decision making process; the process that ultimately governed the overall "fabric" in which the less knowledgeable user would just use their device "As-is".

The same level of protection can't be said of an "out-and-about" kindle. Once one starts to punch holes and then wanders in with the madding crowd at a shared Café or some such... all bets are off and you better known your onions - or know someone who already did that work for you.

"Ways the hurt the Kindle", shall I count the ways? No. Of course it can be done.

Can the Kindle be abused and attacked "Yes, but your home windows laptop is WAY more at-risk"

Should one consider using this? Honestly? I will be once the dust settles on a solid config. Why wouldn't you?

Thanks.

Last edited by twobob; 02-14-2013 at 12:26 PM. Reason: ™ didn't do a ™
twobob is offline   Reply With Quote
Old 02-14-2013, 12:44 PM   #5
knc1
Embedded Cheerleader
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 6,209
Karma: 5830430
Join Date: Feb 2012
Device: Too many.
Current USB net policy

The current USBnetworking policy, as recommended in the README_FIRST.txt file and supported in the scripting, is too use only pub-key authentication over Wifi.

Ah, but guess what is the most popular port in the world to attack:
(ssh == port 22, telnet == port 23):
https://isc.sans.edu/top10.html

And port 21 (ftp) gets at least an honorable mention.

(Click the port numbers in that summary report for details.)
knc1 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Is the Adam now vaporware? dsvick News 19 06-01-2010 10:29 AM
Is the Pixel Qi vaporware? gastan News 27 05-28-2010 11:06 PM
Jetbook 0.35 update? vaporware? jerrywojo Ectaco jetBook 6 04-24-2010 10:27 PM
Vaporware emt General Discussions 14 03-15-2010 10:40 PM
Vaporware: Nuke 'Em if Ya Got 'Em TadW Lounge 4 01-22-2004 12:42 PM


All times are GMT -4. The time now is 03:15 PM.


MobileRead.com is a privately owned, operated and funded community.