[Cryptography] practical verifiable systems -- forensic and otherwise, cheap and otherwise

Chris Kuethe chris.kuethe at gmail.com
Fri Mar 6 17:07:32 EST 2015


On Thu, Mar 5, 2015 at 6:35 AM, Jerry Leichter <leichter at lrw.com> wrote:
> Recent example:  NetApp sells high-end disk arrays.  The management system
> for them is based on SOAP over HTTPS.  (I think you can configure it to use
> HTTP, but let's not go there.)  Older versions of the software - way too
> recent for there to be any excuse for this - supported only SSLv3.  More
> recent versions support both SSLv3 and TLS1.0 - but TLS support is off by
> default.  I don't know if any versions of the software support the latest
> TLS versions.

I was looking at some WORM drive appliances recently; they're
implemented with basically standard drives running custom firmware.

Clearly the vendor is adding some metadata to the user data and using
that to make access control decisions... You could ask what else got
changed in the firmware besides the ability to overwrite or change
allocated blocks? Firmwares are apparently field-upgradable, but I
didn't get a chance to experiment with the drives.

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

