PC Pro Magazine

“If Ripple20 teaches us anything, it’s that the old rules about updates and exploits will not wash anymore”

I know I’m becoming a grumpy old man (grumpier – Ed). My tolerance for manufacturers that deliver poor products is getting smaller by the year. I haven’t yet got to the point of going nuclear with a company over the shoddy products that they ship, but I came close recently.

Much of this upset comes down to the way that companies are handling security issues, especially fixes in firmware. The inescapable reality is that new security exploits are found all the time – one of this summer’s treats has been the Ripple20 set of exploits, which was found by JSOF (jsof-tech.com/ripple20).

In essence, JSOF found 19 vulnerabilities, including multiple remote code executions. What was special about Ripple20 was the way in which it got out into the wild. The back story here is that these exploits were present in a low-level TCP/IP software library developed by a company called Treck Inc. This library was incorporated into a huge range of products by developers, who essentially bought it as an off-the-shelf component and put it into their products. I’m sure there are vendors who aren’t even aware that the Treck stack was used in their products, especially if they outsourced their software and firmware development to a third party.

Now for the scary part: the best estimates put the number of exposed devices into the billions. Not millions, billions. Treck has released an updated library (version 6.0.1.67 or later) without the issues, which can be compiled up into a new software
