(Topic ID: 300441)

"All-Access Connected" Stern Monthly Fee For Some Online Features

By SantaEatsCheese

2 years ago


Topic Heartbeat

Topic Stats

  • 205 posts
  • 81 Pinsiders participating
  • Latest reply 2 years ago by Frax
  • Topic is favorited by 10 Pinsiders

You

Linked Games

No games have been linked to this topic.

    Topic Gallery

    View topic image gallery

    dr evil (resized).jpg
    tumblr_p000k8HKdG1uphxvgo1_500.gif
    3DD6EF43-1306-4D72-89F1-60D9470A50CB.gif
    download.png
    1416.jpg
    AA75BA62-7A88-4071-86F6-623B36CFA277 (resized).jpeg
    pasted_image (resized).png
    02227B09-9390-483D-8C8C-87414E635E00 (resized).jpeg
    584F5A3A-A791-45C8-95F5-A4F82DADA4A3 (resized).jpeg
    make-it-rain-lil-wayne.gif

    You're currently viewing posts by Pinsider TheFamilyArcade.
    Click here to go back to viewing the entire thread.

    #114 2 years ago
    Quoted from Coyote:

    Juuuust waiting for a hacker team to find a way into these machines, and turn them into DDOS clients or worse.

    No shit. Expecting a pinball company to do this securely is ludicrous. Sitting ducks.

    #115 2 years ago
    Quoted from chickenscratch:

    Sorry, but very wrong. There’s no outside initiated inbound communication from the WAN to the pin unless you port forward to its private IP address. So all you got is inside initiated outbound communication and what’s it going to talk to other than Stern’s servers?
    Your Ethernet chip flaw argument is due to things like Intel out of band management; this shit aint going to have that lol!
    There’s no surface area other than a LAN attack or an attack on infrastructure the pin initiates communication with.
    Your argument would only hold true if you direct connect your pin to the internet with a public IP address, but this isn’t 20 years ago, and no one accidentally does that these days. Everything is NAT’d/PAT’d with ingress from the WAN completely closed off unless you open it, but that’s dumb, and on you.
    Edit: added a bunch of words to clarify as I’m not sure I’m taking to someone that knows IT, so added things to assume I wasn’t, or at least thinks they do; also phone autocorrect BS like 3 times fml

    If there’s an app running on the pin and it’s connected to the Internet it’s hackable. Stop talking nonsense.

    #116 2 years ago
    Quoted from flynnibus:

    This is old thinking... the thing consumes internet services - that gives vectors. Protocol stack, DNS, MITM, OpenSSL, etc. Most of these in the wild will be put on network that is not secure so dependent services will be points of attack. Getting the device to talk to spoofed servers, then attacking it that way, etc. The old "there are no listening ports so we are invincible" mindset is so bad and out of date. You think Stern is gonna be patching zero day stuff in the multitude of services and libraries they are undoubtedly building their services upon? And this doesn't even begin to cover what happens if someone targets the servers.
    Just how well do you think the sandbox'ing is in a platform that has never had to deal with running alongside exposed services or tasks of different privileges?

    This.

    And this is why CISO’s shouldn’t report to CIOs.

    Quoted from chickenscratch:

    Again… all the jargon. And we’re arguing over something that can be fixed in 5 minutes by reflashing your SD card. We do not live in the age of hacking for the fuck of it, and there’s zero money to be made from hacking pinball machines unless you target Stern, which I said from my og post was the only concern… and that’s on them. Non-issue.

    Ransomware? And this is why CISO’s shouldn’t report to CIOs.

    You're currently viewing posts by Pinsider TheFamilyArcade.
    Click here to go back to viewing the entire thread.

    Reply

    Wanna join the discussion? Please sign in to reply to this topic.

    Hey there! Welcome to Pinside!

    Donate to Pinside

    Great to see you're enjoying Pinside! Did you know Pinside is able to run without any 3rd-party banners or ads, thanks to the support from our visitors? Please consider a donation to Pinside and get anext to your username to show for it! Or better yet, subscribe to Pinside+!


    This page was printed from https://pinside.com/pinball/forum/topic/all-access-connected-stern-monthly-fee-for-some-online-features-?tu=TheFamilyArcade and we tried optimising it for printing. Some page elements may have been deliberately hidden.

    Scan the QR code on the left to jump to the URL this document was printed from.