Hi to all, the new possibility to flash the Fox Board with XP without SDK relies on the LAN mode of Fox flashing that needs jumper J8 to be inserted and then switch on the Fox to put the Fox itself in a state in which it listens for flashing packets.
It is NOT possible to flash the Fox with the Windows executable if you have not put the J8 jumper on the Fox and got it switched off and then on. For these reasons there is no security issue whatsoever involved with the new flashing possibility through a windows PC. So don't worry. The brick is still solid. To disable possibility to flash the Fox via web by mistake or on purpose by unauthorized access, you can disable the ftdp Fox server in the config options of the SDK so that no ftp access is possible to flash the Fox over the web. I will have a look on how to change the root password on the SDK in permanent way so that the resulting fimage will have the new password. Roberto Asquini xfingerfox32 ha scritto: > > Hello group, > > I would like to avoid the possible potential security risk intoduced > with the possiblility of flashing foxboard with XP without SDK. > In a perfect world there would be no problem, but what if someone > else what to get control of my foxboard? > > Is any way i could: > > a) Avoid flashing foxboard? > If you know it is a foxboard, you could flash a new fimage and get > control or just mess it. It's nice that is very hard to brick a > foxboard (in fact i did every mistake i could do to brick it and i > always could restore it again) and very easy to flash. > What about a new jumper where only if you could get into the hardware > you would be allowed to re-flash, not just over the network? > * Note that i want to still be able to flash over ethernet and via > WEB. > Via web is just a matter of programming with password to enter the > flash mode area for example. > > b) Change the password for root in he SDK > Note that i dont whant to flash a fimage, log into with root and then > change the password, i would like flash the new fimage with the new > password, so no one can telnet it and get control, unless you know > the new password. > Which files should i change it? I know the SALT but i miss where else > should i change to be able to telnet with the new password. > > Any help would be apreciated. > > Cheers, > Alexander > > > > __________ Informazione NOD32 2142 (20070324) __________ > > Questo messaggio รจ stato controllato dal Sistema Antivirus NOD32 > http://www.nod32.it -- Roberto Asquini Acme Systems srl [EMAIL PROTECTED] http://www.acmesystems.it
