Re: Intel Hack is NSA backdoor 'Discovered', NSA created BITCOIN - What's to worry?
@hardwarewallet: I think you are over a bit here. I have read your blog post explaining Meltdown and Spectre for the average person. Nice summary. I wonder how you can say, router OS or hardware wallets are secure. I cannot see how you derive this.
On your statement:
With your words one would think to be secure. But the opposite is true! Even worth, reality is doing it exactly this way:
Looking at the providers, e.g. AT&T is asking for Open Network Automation Platform, which is exactly an OS with apps on top. And Cisco operating system is the same (only old IOS maybe... IOS-XE extended IOS and it's monolithic problems by abstracting some modules, with an underlying operating system is based on a Linux distro, IOS XR uses QNX, ...), Juniper uses FreeBSD, and you will find similiar on Nortel/Nokia/...
I have no proof that these systems are vulnerable or not, and I also have no proof, that the hardware wallets are secure or not.
Maybe best wording is, that up until today, no security issues (side channel attacks like Meltdown/Spectre) have been found in the wild for these systems (or at best are difficult to implement, cause attack vectors are limited...).
In security the wording is more decent. Statements are linked to specific environments and test cases, and do not derive "general security" for others from the observations. Security is a beast... You cannot only predict security, only when you have a fully deterministic machine.
So stating that hardware wallets or Routers are secure, is most probably overdoing it (if not wrong, but that will only be shown by the future
).
On your statement:
Quote
No, your router is not vulnerable to Meltdown/Spectre because it's not running any applications, it's a standalone device."
this wording creates wrong expectations. Even as non-expert in security one could easily create a linux box with two network cards, and then on top of the operating system run an application, which routes data from one network to the other. And also it is not at all stand alone... With your words one would think to be secure. But the opposite is true! Even worth, reality is doing it exactly this way:
Looking at the providers, e.g. AT&T is asking for Open Network Automation Platform, which is exactly an OS with apps on top. And Cisco operating system is the same (only old IOS maybe... IOS-XE extended IOS and it's monolithic problems by abstracting some modules, with an underlying operating system is based on a Linux distro, IOS XR uses QNX, ...), Juniper uses FreeBSD, and you will find similiar on Nortel/Nokia/...
I have no proof that these systems are vulnerable or not, and I also have no proof, that the hardware wallets are secure or not.
Maybe best wording is, that up until today, no security issues (side channel attacks like Meltdown/Spectre) have been found in the wild for these systems (or at best are difficult to implement, cause attack vectors are limited...).
In security the wording is more decent. Statements are linked to specific environments and test cases, and do not derive "general security" for others from the observations. Security is a beast... You cannot only predict security, only when you have a fully deterministic machine.
So stating that hardware wallets or Routers are secure, is most probably overdoing it (if not wrong, but that will only be shown by the future
).