Skip to content ↓ | Skip to navigation ↓

Not soon after we have these shiny new Netbook toys comes the idea that your 200 buck laptop may be a cracker goldmine…

http://tech.yahoo.com/news/nm/20090303/tc_nm/us_pc_notebook_security_3

Apparently to help keep costs low, the makers skimped on things like firewalls and other common security applications. This by itself will probably keep the IT Ninja from allowing these things to be deployed in their corporate environment and I am not even sure one of Tripwire’s agents would run on one of these tiny little things. All things being equal however, how do you keep the C level doods from buying one of these things because their form factor is very compelling for travelling execs and sales people who just need email and VPN connectivity…

The article does go on to explain that it will probably be casual users who buy these things and what would they steal “Family Photos?” To me that is not the point. A cracker is not always go for the quick money shot when they attack a system…they may be installing all sorts of goodies to turn your shiny new toy into a zombie or bot so they can use a bunch of them to eat your corporate brains…just another shot in the Ninja versus Zombie battle…

I might just have to go and buy one of these things to see if Tripwire’s enhanced file integrity software will run on it. I know the Tripwire Open Source will run on the linux versions. Or maybe Tripwire for Servers… should be fun…

Don’t forget to check out my tweet… just follow theorrminator on twitter…

Hacking Point of Sale
  • I'm curious if it is simply the lack of pre-installed software that is the issue? Certainly the windows firewall would be turned on by default (most technical people I know disable that right away, but CEO would not think of that.) Wouldn't an IT department insist on installing antivirus before allowing the device on the network?

    We've had this issue with VPN–to the point that it just plain wasn't allowed; you take your laptop home, but vpn client not allowed to be installed on home machine. Can't these netbooks simply be "conditioned" by IT when the CEO wants it set up for remote access?

  • If the IT dept even got its hands on it. These dang things are so cheap that a C level fella may just bring one in to fool around with…VPN's aside…how do you deal with webmail or Outlook Webaccess? No VPN required. Certainly something for the Ninja's to think about…