Urgent/11 – Zero Day Vulnerabilities Impacting VxWorks

Wow, I was going to comment &quot;IoT, the &#x27;S&#x27; stands for &#x27;security&#x27;&quot;, but this is about VxWorks, a battle proven (literally) RTOS.<p>This illustrates a point that now, in 2019, there is literally no OS designed for security. I mean, security was never a <i>real</i> goal. Even software specifically written to address security requirements could easily have gaping holes (re Heartbleed)...

Seems WindRiver also adding[1] VxWorks support in the Rust language. There should be more efforts into bringing safer and secure languages, toolchains, even OS themselves into IoT, IIoT, and even RTOS worlds.<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;rust-lang&#x2F;rust&#x2F;pull&#x2F;61946" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;rust-lang&#x2F;rust&#x2F;pull&#x2F;61946</a>

The scale of this is baffling! And from what I&#x27;ve seen in the industrial side of things I doubt that everything will be patched anytime soon sadly.

Everything old is new again: &quot;WinNuke is an example of a Nuke remote denial-of-service attack (DoS) that affected the Microsoft Windows 95, Microsoft Windows NT and Microsoft Windows 3.1x computer operating systems. The exploit sent a string of out-of-band data (OOB data) to the target computer on TCP port 139 (NetBIOS), [...]&quot; <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;WinNuke" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;WinNuke</a>

Completely random aside, but the site&#x27;s scrolling is horrible. Clicking near the edge randomly starts scrolling when the bar isn&#x27;t visible and I can&#x27;t middle click and drag to scroll the page at all.

Not at all surprised.<p>Busy kitting out my place with (consumer - jikes) IoT...and basically just connecting the stuff long enough to get it online via Home Assistant.<p>...next step...firewall all the IOT IPs. Once they&#x27;re connected to Home Assistant they don&#x27;t need internet access.

Off topic:<p>Why are web developers constantly reimplementing native browser functionality? This site for instance has their own scroll implementation that&#x27;s laggy, adds unwanted smoothing, and of course has <i>less</i> functionality (middle-click scrolling doesn&#x27;t work, nor does autoscrolling). Fortunately I can get the native implementation by disabling scripts, but I&#x27;ve seen sites that are `overflow: hidden` so you&#x27;re forced to use their scrolling logic.

vxworks ... have you ever tried to implement something with that ugly hack? -- and seen how nice it can be with other, proper operating systems?<p>as many already said: not at all surprised.

There&#x27;s a reason it&#x27;s often referred to as &quot;Internet of Shit&quot;. I highly doubt anything is going to change until someone figures out how to use an internet-connected power outlet to burn down a house. It&#x27;s going to be a decade-removed version of the wireless router issue: huge botnets will go on for years and years and maybe eventually manufacturers will slowly close security holes and institute better practices. Even that I doubt, since routers are made by a handful of major companies and IoT devices are made by hundreds of fly-by-night outfits who&#x27;re likely to be out of business in five years.