Quoted from Coyote: Juuuust waiting for a hacker team to find a way into these machines, and turn them into DDOS clients or worse.
No shit. Expecting a pinball company to do this securely is ludicrous. Sitting ducks.
You're currently viewing posts by Pinsider TheFamilyArcade.
Quoted from chickenscratch: Sorry, but very wrong. There’s no outside initiated inbound communication from the WAN to the pin unless you port forward to its private IP address. So all you got is inside initiated outbound communication and what’s it going to talk to other than Stern’s servers?
Your Ethernet chip flaw argument is due to things like Intel out of band management; this shit ain't going to have that lol!
There’s no surface area other than a LAN attack or an attack on infrastructure the pin initiates communication with.
Your argument would only hold true if you direct connect your pin to the internet with a public IP address, but this isn’t 20 years ago, and no one accidentally does that these days. Everything is NAT’d/PAT’d with ingress from the WAN completely closed off unless you open it, but that’s dumb, and on you.
Edit: added a bunch of words to clarify as I’m not sure I’m talking to someone that knows IT, so added things to assume I wasn’t, or at least thinks they do; also phone autocorrect BS like 3 times fml
If there’s an app running on the pin and it’s connected to the Internet it’s hackable. Stop talking nonsense.
Quoted from flynnibus: This is old thinking... the thing consumes internet services - that gives vectors. Protocol stack, DNS, MITM, OpenSSL, etc. Most of these in the wild will be put on a network that is not secure so dependent services will be points of attack. Getting the device to talk to spoofed servers, then attacking it that way, etc. The old "there are no listening ports so we are invincible" mindset is so bad and out of date. You think Stern is gonna be patching zero day stuff in the multitude of services and libraries they are undoubtedly building their services upon? And this doesn't even begin to cover what happens if someone targets the servers.
Just how well do you think the sandboxing is in a platform that has never had to deal with running alongside exposed services or tasks of different privileges?
This.
And this is why CISOs shouldn’t report to CIOs.
Quoted from chickenscratch: Again… all the jargon. And we’re arguing over something that can be fixed in 5 minutes by reflashing your SD card. We do not live in the age of hacking for the fuck of it, and there’s zero money to be made from hacking pinball machines unless you target Stern, which I said from my og post was the only concern… and that’s on them. Non-issue.
Ransomware? And this is why CISOs shouldn’t report to CIOs.
This page was printed from https://pinside.com/pinball/forum/topic/all-access-connected-stern-monthly-fee-for-some-online-features-?tu=TheFamilyArcade and we tried optimising it for printing. Some page elements may have been deliberately hidden.