[aprssig] Secutiry for the aprs protocol and software
Scott Miller
scott at opentrac.org
Tue Aug 25 23:50:12 EDT 2009
> The proper question is:
> How difficult would it be to compromise a system via the APRS-IS data
> stream? The answer: _VERY_ difficult, highly unlikely and completely
> dependent on the software you are using to get the data. The exploit would
> essentially have to be client specific and not APRS-IS dependent. You're
> more likely to get compromised while reading your email than using the
> APRS-IS data feed.
I'm not convinced that it's THAT impossible, but you're right, it'd be
entirely dependent on the client software. Has anyone ever looked
closely at potential buffer overflows in APRS clients?
Here's the classic introduction to the subject...
http://insecure.org/stf/smashstack.html
Scott
N1VG
More information about the aprssig
mailing list