what's the real SLOW parts in popular OS/OS theories?

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
Post Reply
User avatar
Combuster
Member
Member
Posts: 9301
Joined: Wed Oct 18, 2006 3:45 am
Libera.chat IRC: [com]buster
Location: On the balcony, where I can actually keep 1½m distance
Contact:
Contact Combuster

Re: what's the real SLOW parts in popular OS/OS theories?

Post by Combuster »

Where's your ISP? Let's MITM this :twisted:
"Certainly avoid yourself. He is a newbie and might not realize it. You'll hate his code deeply a few years down the road." - Sortie
[ My OS ] [ VDisk/SFS ]
Top
rdos
Member
Member
Posts: 3310
Joined: Wed Oct 01, 2008 1:55 pm

Re: what's the real SLOW parts in popular OS/OS theories?

Post by rdos »

berkus wrote:So just adding a custom firewall in between your system and the internets you can

a) figure out the IP and port it connects to,
b) Re-route packets to impersonator host that would configure your terminal in some custom way.

And since there are no flaws, you probably haven't protected against that either.
Won't work. The communication protocol is binary & proprietary.

In addition to that, you need to open the terminal in order to insert a new firewall, and the only way
of getting it operational after that is to use a function-card that is validated against our host system.
Top
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:
Contact Solar

Re: what's the real SLOW parts in popular OS/OS theories?

Post by Solar »

rdos wrote:Won't work. The communication protocol is binary & proprietary.
Ah, security through obscurity. Didn't work before, doesn't work today, won't work tomorrow. I sure hope your "binary & proprietary protocol" is encrypted, and encrypted well. (I worry about the key exchange process, for example, e.g. when an attacker taps one of those terminals.)
In addition to that, you need to open the terminal in order to insert a new firewall...
All I need is access to the network somewhere between the terminal and your host. Figuring out the IP of your host is a piece of cake, patching a machine with that same IP into the network at the local distribution node isn't much of a bother either if there's money to be had.

All that's assuming there's no "traditional" security flaw (like buffer overflow or stack corruption), or some social vulnerability at your company to be exploited.

Face it. Anybody saying "there are no security flaws in my system" is simply lying to himself. That's not me trying to flame you, that's me citing a fundamental truth of system security. There are only layers of "X more secure than Y".

I could get you into contact with a friend of mine who's working in data forensics and network security. The things he could show you about "binary and proprietary formats" would make your skin crawl...
Every good solution is obvious once you've found it.
Top
rdos
Member
Member
Posts: 3310
Joined: Wed Oct 01, 2008 1:55 pm

Re: what's the real SLOW parts in popular OS/OS theories?

Post by rdos »

Our application does not send sensitive card data over the Internet. This is not allowed by PCI. The data sent is for terminal configuration and local payment cards only. We have integrated against a provider of a validated bank-card solution that runs on a separate computer. They use an embedded Linux distribution. Thus, there is no economic incitament to hijacking our host connection, other than for a denial of service attack.
Top
Post Reply

Return to “OS Development”