On 2020-04-08 18:02, Rudolf Leitgeb wrote: > A public facing server with ftp, http, smtp and sshd would have had to be > patched > in regular intervals to remain reasonably secure.
False, even though you have lowered the bar from "anything/everything is hackable". httpd and libressl have done quite well despite talking over http to anyone and dealing with crappy interfaces like ASN.1 for TLS. You missed the point. If your interface requires authentication first, like ssh then that is good, it has a good record. If your interface requires auth in a simple format and is a very simple interface after that fact. Then you will find examples of devices and services that have never been hacked, even without the layers of defence of sshd, though you are free to have some of them! ergo the mantra of anything is hackable is bullshit, largely spread by pen testers and fuzzers. There isn't much to fuzz when auth of a simple key is required up front. Most hacks occur by inside users not remote and that is a whole other matter but that does not mean that anything is hackable. "everything is hackable" is FUD
