Slashdot Mirror


Linux/Moose Worm Targets Routers, Modems, and Embedded Systems

An anonymous reader writes: Security firm ESET has published a report on new malware that targets Linux-based communication devices (modems, routers, and other internet-connected systems) to create a giant proxy network for manipulating social media. It's also capable of hijacking DNS settings. The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+. Affected router manufacturers include: Actiontec, Hikvision, Netgear, Synology, TP-Link, ZyXEL, and Zhone. The researchers found that even some medical devices were vulnerable to the worm, though it wasn't designed specifically to work with them.

110 comments

  1. Finally, a use for facebook. by BarbaraHudson · · Score: 5, Funny

    The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+.

    I like it :-)

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    1. Re:Finally, a use for facebook. by Anonymous Coward · · Score: 0

      The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+.

      I like it :-)

      +1 Would read again.

    2. Re:Finally, a use for facebook. by Anonymous Coward · · Score: 0

      That makes one more use for it than we can find for you.

    3. Re:Finally, a use for facebook. by Anonymous Coward · · Score: 0

      I follow you...

    4. Re:Finally, a use for facebook. by BarbaraHudson · · Score: 1

      That makes one more use for it than we can find for you.

      That's great because I really don't want to be "used" by you. :-)

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    5. Re:Finally, a use for facebook. by aynoknman · · Score: 2

      The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+.

      I like it :-)

      I don't quite follow you

      --
      We need a "+1 -- nice sig" moderation.
  2. No worries mate by Anonymous Coward · · Score: 5, Informative

    The Moose worm does not rely upon any underlying vulnerability in the routers – it is simply taking advantage of devices that have been weakly configured with poorly chosen login credentials.

    1. Re:No worries mate by chipschap · · Score: 1, Troll

      Which raises the question, why is this even news? Is it more Linux/open-source bashing by the commercial OS crowd? It doesn't even make sense. Turn on remote admin and leave a default password in place, and it's the fault of Linux when you get hacked?

    2. Re:No worries mate by Anonymous Coward · · Score: 0

      Above average levels of hyperbole for a Slashdot article on an exploit.

      The researchers found that even some medical devices were vulnerable to the worm

      "How can we say anything with default credentials or possibly bad configurations in the most scary possible way"

    3. Re:No worries mate by cusco · · Score: 4, Informative

      The simple fact that you can leave the device with a default password encompasses several levels of stupidity. 1) Programmers who do not require password to be changed, 2) Manufacturers who will install that firmware, 3) Customers who leave it that way. Level 3 shouldn't even be possible except for stupidity and laziness in Level 1 and 2.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    4. Re:No worries mate by Anonymous Coward · · Score: 0

      It's good to forward to... Oh who am I kidding, anyone who leaves the damn default password in place, at this point, is never going to figure it out.

    5. Re:No worries mate by fuzzyfuzzyfungus · · Score: 3, Interesting

      It's news not because of OS (I don't know if they bothered; but exploits at the 'just use the default password against the external telnet interface' level would work against basically any OS, and the only real obstacle to executing a payload with the functions described would be that some of the really nasty VxWorks-based devices are so RAM-starved that they can barely do their job, much less run malware at the same time); but because the security of nearly all 'consumer', and a disturbing number of more expensive, embedded devices is still utter shit.

      It is bad enough that such plastic-box devices typically are shipping software well behind the curve (2.6.x kernels, http servers with vulnerabilities that were closed upstream months before the device in question was released, that sort of thing); but 'default configuration leaves telnet listening on the WAN port, with weak credentials for root login' goes well beyond 'bug' and right into 'We Just Don't Care' territory. Even better, the same damn story has been true for at least the past decade, probably longer (though its importance has increased as the cost has fallen and number of little embedded boxes lurking around has skyrocketed).

      At least on the desktop and server, some of the worst insecure-by-default atrocities have been ironed out, so attackers are now moderately likely to need to use vaguely clever vulnerabilities (even if they can often get away with ones that were patched months ago) or social engineering; but embedded crap hasn't even reached that level of security.

      The fact that telnet is even there(outside of 'recovery' scenarios, where the emergency nature of the situation and availability of only the most limited resources make super-simple protocols like telnet and TFTP valuable) when OpenSSH has been available for the last 15 years, and less liberally licensed versions a bit longer, is disgusting in itself. Having it on the WAN, much less by default, is just depraved.
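
The check the comments in this thread imply, as an added example (not ESET's analysis tooling and not code from anyone in the thread): a small Python audit that asks whether a host answers on the telnet port at all and, if it does, whether any factory-default pair gets to a shell prompt. DEFAULT_CREDS is a constructed sample, and the fake router at the bottom is a constructed stand-in so the whole thing runs offline; point audit() at your own router's WAN address to find out what the worm would find.

```python
"""Audit a host for the weakness Moose exploits: telnet answering with a
factory-default login.  Added example, not ESET's or any vendor's code;
DEFAULT_CREDS and the fake router below are constructed for the demo."""
import re
import socket
import threading

DEFAULT_CREDS = [("admin", "admin"), ("root", "root"), ("admin", "password"), ("root", "")]
# Telnet option negotiation (IAC DO/DONT/WILL/WONT opt, or IAC SB ... IAC SE) is
# stripped rather than answered; BusyBox-class daemons carry on to the prompt anyway.
_IAC = re.compile(rb"\xff\xfa.*?\xff\xf0|\xff[\xfb-\xfe].|\xff.", re.S)


def _recv_until(sock, markers, timeout):
    """Read until one of the (lowercase) markers appears or the peer goes quiet."""
    sock.settimeout(timeout)
    buf = b""
    while not any(m in buf.lower() for m in markers):
        try:
            chunk = sock.recv(1024)
        except socket.timeout:
            break
        if not chunk:
            break
        buf += _IAC.sub(b"", chunk)
    return buf


def try_login(host, port, user, password, timeout=3.0):
    """True if user/password gets past the login prompt to a shell prompt."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if b"ogin:" not in _recv_until(s, (b"ogin:",), timeout):
            return False
        s.sendall(user.encode() + b"\r\n")
        if b"assword:" not in _recv_until(s, (b"assword:",), timeout):
            return False
        s.sendall(password.encode() + b"\r\n")
        reply = _recv_until(s, (b"#", b"$ ", b"> ", b"incorrect", b"failed", b"ogin:"), timeout)
        if any(bad in reply.lower() for bad in (b"incorrect", b"failed", b"ogin:")):
            return False
        return reply.rstrip().endswith((b"#", b"$", b">"))


def audit(host, port=23, creds=DEFAULT_CREDS, timeout=3.0):
    """Is telnet reachable at all, and does any default pair work?"""
    result = {"telnet_open": False, "weak_credentials": None}
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError:
        return result
    result["telnet_open"] = True
    for user, pw in creds:
        try:
            if try_login(host, port, user, pw, timeout):
                result["weak_credentials"] = (user, pw)
                break
        except OSError:
            continue
    return result


def _readline(conn):
    raw = b""
    while not raw.endswith(b"\n"):
        chunk = conn.recv(256)
        if not chunk:
            break
        raw += chunk
    return _IAC.sub(b"", raw).decode(errors="replace").strip()


def start_fake_router(accepted=("admin", "admin")):
    """Constructed stand-in for a router with telnet on the WAN and one
    default account; returns the local port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                with conn:
                    conn.sendall(b"\xff\xfb\x01\xff\xfd\x03\r\nlogin: ")  # WILL ECHO, DO SGA
                    user = _readline(conn)
                    conn.sendall(b"Password: ")
                    if (user, _readline(conn)) == accepted:
                        conn.sendall(b"\r\nBusyBox v1.22.1 built-in shell (ash)\r\n# ")
                    else:
                        conn.sendall(b"\r\nLogin incorrect\r\nlogin: ")
            except OSError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_port():
    """A local port nothing listens on, to exercise the 'closed' path."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

Run it against the fake router with `audit("127.0.0.1", start_fake_router())` and it reports `telnet_open` True with `("admin", "admin")` as the working pair; against a port with nothing listening it reports the service closed without trying any credentials. The success test is deliberately crude (a prompt character after the password, with no "incorrect"/"failed" and no second login prompt), which is about the level of sophistication the worm itself needs.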

    6. Re:No worries mate by keneng · · Score: 2

      GENERAL RULE OF THUMB: NEVER ALLOW REMOTE ACCESS TO THE ROUTERS.
      ONLY PHYSICAL ACCESS DIRECTLY IS THE BETTER APPROACH. In Canada, when you use a vdsl2 modem, it usually needs to be a BELL provided modem. The default password is something BELL provides to you to connect to their network. The wifi access/router access password can be changed yes.

      Where problems arise that I have noticed recently are local wifi-hackers ddos'ing not only BELL vdsl2 modem wifi access points, but also if you have a bridged modem after that providing other wifi access points, then those wifi-hackers will ddos those also. It goes without saying, there is more than ddos'ing happening here. I wasn't really curious enough to sniff the actual traffic, but once I turned off both the bell wifi access point and the bridged modem's wifi access point, problems went away and the bandwidth and expected responsive connection behaviour was back to normal. If you really need wifi, turn it on for the limited time that you need it rather than all the time. That will minimize the attack surface.

      Sure there are parameters for defending against ddos, separate vlans per user, etc, BUT firewalls on each computer on the lan is what really matters the most.
      ADOBE FLASH is the biggest virus injector of them all. I'm happy Youtube doesn't use it anymore. I hope the other web sites get rid of ADOBE FLASH also.
      There is no reason not to use open-source streaming servers like flumotion and encoders like ffmpeg/theora. daala video is coming soon I hope.

    7. Re: No worries mate by Anonymous Coward · · Score: 1

      Or programmers who leave hard coded, unremovable credentials in embedded systems?

    8. Re:No worries mate by Grishnakh · · Score: 1

      1) Programmers who do not require password to be changed,

      Hey, don't blame the programmers. Most likely, someone did suggest requiring the password to be changed, and management said no for some dumb reason.

    9. Re:No worries mate by Anonymous Coward · · Score: 0

      1) Programmers who do not require password to be changed,

      Hey, don't blame the programmers. Most likely, someone did suggest requiring the password to be changed, and management said no for some dumb reason.

      And the programmers, like good little sheep, went and implemented what they were told, without arguing further in support of the password-change requirement.

    10. Re:No worries mate by Anonymous Coward · · Score: 0

      Oh, most of them probably argued. Those that argued vociferously were fired or quit. Those that argued strongly ultimately decided they needed a paycheck. That's the pattern on security decisions at multiple businesses I've seen.

    11. Re:No worries mate by Anonymous Coward · · Score: 0

      Well, that's how most Windows systems get compromised, and /. always deduces it's Micro$oft's fault.

    12. Re:No worries mate by Anonymous Coward · · Score: 0

      The simple fact that you can leave the device with a default password encompasses several levels of stupidity.

      No, not having sane defaults is an act of stupidity. The first few routers I bought had generic defaults "admin" and "password"; the last few I bought? Still "admin", however the password was a random string "addafdlskfaj432af" and differed for every router. Requiring the user to set his own password just invites bad passwords - this has been repeatedly shown by every leaked list of passwords ever; add requirements to the passwords and users will use the most obvious workaround. Set a sane default for each unit, document it in a convenient place (bottom of the router should be secure for 99% of users) and leave password change completely optional for those who know what they are doing.

      Most internet users are not computer experts, some will blue screen when confronted with technical issues or just fail to grasp the underlying problem. Do not expect them to make the right choice. When forced to make a choice they will make the easy choice, the choice where everything just works with the least amount of hassle. Good designs should be fool proof and remove the user from the process as much as possible. Computers also should automate, every manual involvement is a failure to do so and just asks for user failure.
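
The per-unit default the comment above describes, done two ways, as an added example (not any vendor's production-line code): a label password drawn from a CSPRNG beside a hypothetical anti-pattern that derives a random-looking string from the unit's MAC. The vendor secret, the MAC addresses and the sticker alphabet are constructed; the point is that "differs for every router" is only worth something if nothing an attacker can observe (the BSSID is broadcast to the whole street) lets them recompute it.

```python
"""Per-unit factory passwords: CSPRNG label password next to a hypothetical
MAC-derived anti-pattern.  Added example, not any vendor's firmware code;
the vendor secret, MACs and sticker alphabet are constructed."""
import hashlib
import math
import secrets
import string

# Sticker alphabet: drop 0/O and 1/l/I so the label can be read without guessing.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits if c not in "0O1lI")


def derived_default(mac, vendor_secret=b"constructed-vendor-secret"):
    """Anti-pattern: looks random but is a pure function of the MAC.  The
    derivation and the 'secret' ship in every unit's firmware, and the BSSID is
    broadcast, so anyone in range can print the same label."""
    digest = hashlib.sha256(vendor_secret + mac.lower().encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:12])


def random_default(length=12):
    """What the commenter describes done right: fresh CSPRNG output per unit,
    generated on the production line and stored nowhere but the label."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random label of the given length."""
    return length * math.log2(alphabet_size)


def expected_online_guess_seconds(length, alphabet_size, guesses_per_second):
    """Average work to hit a uniformly random label by guessing over telnet."""
    return (alphabet_size ** length) / 2 / guesses_per_second
```

A 12-character label over this 57-symbol alphabet carries about 70 bits; at ten telnet login attempts per second that is well past 10^18 seconds of expected guessing, whereas a four-digit PIN at the same rate falls in about eight minutes. The derived variant has the same apparent length and alphabet and none of that strength, because its entropy is whatever the attacker does not already know, which for a broadcast MAC is nothing.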

    13. Re:No worries mate by Anonymous Coward · · Score: 0

      Oh, most of them probably argued. Those that argued vociferously were fired or quit. Those that argued strongly ultimately decided they needed a paycheck. That's the pattern on security decisions at multiple businesses I've seen.

      Nope. Almost always it's lazy programmers who can't be bothered providing decent alternatives in their [so-called] field of expertise.

    14. Re:No worries mate by Anonymous Coward · · Score: 0

      I can absolutely confirm this. I worked as a developer for a large medical devices firm, and I made this very comment, and was told NOT to do so by management.

    15. Re:No worries mate by Anonymous Coward · · Score: 0

      Again, exactly my experience, as a developer on medical devices. The guys working on them, want generally to make them safe, robust, reliable and efficient and secure - in short a professional job. Management tell us to do otherwise....

  3. So basically . . . by Anonymous Coward · · Score: 4, Funny

    . . . turn on remote administration and leave the default username/password and you get m00sed? Cool.

    A Møøse once bit my sister... No realli! She was Karving her initials on the møøse with the sharpened end of an interspace tøøthbrush given her by Svenge - her brother-in-law - an Oslo dentist and star of many Norwegian møvies: "The Høt Hands of an Oslo Dentist", "Fillings of Passion", "The Huge Mølars of Horst Nordfink"...

    1. Re:So basically . . . by mark_reh · · Score: 2

      As a dentist I find your post quite amusing...

    2. Re:So basically . . . by Anonymous Coward · · Score: 0

      As a dentist, you don't spend much time at the movies or watching TV.

    3. Re:So basically . . . by unrtst · · Score: 1

      As a dentist, you don't spend much time at the movies or watching TV.

      YMMV, but my dentist has netflix on a big screen in a comfortable place to watch while someone picks around inside your mouth.

    4. Re:So basically . . . by mark_reh · · Score: 1

      No, I don't have much time for either. I'm too busy saving the world, one tooth at a time.
      Was that Monty Python?

  4. Requires... by Anonymous Coward · · Score: 2, Interesting

    Remote management login+password. Telnet connection.

    Neither of which is enabled on our TP-Link router.

    1. Re:Requires... by bobbied · · Score: 4, Interesting

      Remote management login+password. Telnet connection.

      Neither of which is enabled on our TP-Link router.

      As far as you know.... Unfortunately there are some (dare we say MOST) people out there who don't know enough to turn off such nonsense, not to mention ISPs (like Verizon) who actually open ports unbeknownst to the end user so they can remotely manage your router when you call them with a technical support issue...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:Requires... by Anonymous Coward · · Score: 0

      My modem is a blackbox to me. I can't connect to it through any natural IP range, tried every private ip range and scanned it all with nmap, it doesn't communicate anything when sniffing via tcpdump, no ports open at all to me or the internet.

      I've been looking at documentation and I couldn't find a way to at least see some statistics.

      However, the ISP has a master unit that can communicate and control the rest of the slave devices. HomePNA, if they can do it, so can big dick corporations.

    3. Re:Requires... by Anonymous Coward · · Score: 1

      Hint: unplug it from the cable/dsl network.

      Mine is a black box until I unplug it from the network. It then comes up with a 192.168 address and I can hit it with a web browser. The logs provided all the info I need and I had access to reset the admin password as well as re-flash the device.

      I was surprised that after setting a secure admin password the cable company could just bypass it once it was back on their network.

      BTW: I bought and paid for the cable modem. It belongs to me and as such I should have full rights to the unit.

    4. Re:Requires... by Anonymous Coward · · Score: 0

      think VLANs, in fact think VLANs on the ADSL/cable side

      which I might also add is one of the more secure options for remote management of CPE devices by ISPs. Use a non-default VLAN on the interface whose media type is inaccessible to you.

    5. Re:Requires... by Anonymous Coward · · Score: 1

      >BTW: I bought and paid for the cable modem. It belongs to me and as such I should have full rights to the unit.

      Only until you connect it to someone else's network.

    6. Re:Requires... by Em+Adespoton · · Score: 2

      I was surprised that after setting a secure admin password the cable company could just bypass it once it was back on their network.

      That's because you've changed the admin password only. Above the admin password is a support password that has more privileges, and then the root password that rules them all. Your ISP holds these other two accounts that aren't visible from the Admin settings.

    7. Re:Requires... by Anonymous Coward · · Score: 1

      My Motorola Surfboard works similarly.

      After booting up it will try to download and verify the signature on its config file from the ISP. If it works, it bridges ISP traffic and DHCP packet(s) go to and are answered by them.

      If it can't get link on the docsis side, or can't download that config, or can't verify the signature on it, then it puts 192.168.100.1 on its LAN interface and runs a DHCP and web server.

      One nice trick to use:
      Boot the modem disconnected from the cable then connect a PCish device. On the PC note the gateway IP (the IP of the modem) and get the modem's MAC
      (ping the modem IP and use the command: arp -a )

      Then when set back up with a router, set a static route to the cable modem's 192.168 IP block on the WAN interface.
      You should be able to go to it from your PC's web browser through your router's NAT.

      Status, logs, and rebooting from the other floor!

    8. Re:Requires... by fuzzyfuzzyfungus · · Score: 1

      It doesn't help that more than a few router firmwares, whether out of malice or incompetence, simply ignore configuration changes made through their configuration interface. The checkbox may even be there, and may even stay checked or unchecked correctly across reboots; but the actual status of the device just doesn't change.

      I had to retire a POS Netgear unit (WNDR3400, in case anyone cares); because it simply ignored the 'Enable Wireless Protected Setup' option. I chose 'hell no'; because WPS is known faulty; it merrily continued offering WPS. Various other models, from more or less all the major home brands, have had instances of this with assorted potentially dangerous features (remote admin ports, uPNP, WPS, default credentials that can't be changed, etc.). Sometimes there simply isn't anything in the UI for controlling a given feature, sometimes the settings are ignored.

      Unless the device is supported by a good 3rd party firmware, or you exploit the vulnerability to go in yourself and do some surgery, even 'doing the right thing' can sometimes be purely ceremonial.

    9. Re:Requires... by eedwardsjr · · Score: 1

      Try browsing to 192.168.100.1

    10. Re:Requires... by Anonymous Coward · · Score: 0

      Yeah, but this is exactly the same as having a back door in encryption.

      ONLY the good people will EVER know about it, therefore you are 100% safe.

      Damn it, there needs to be a "Think of the children" there somewhere... /sarcasm

    11. Re:Requires... by fuzzyfuzzyfungus · · Score: 2

      Cable modems are a bit of a special case, and not in a good way. By design, they do what is called "DOCSIS Provisioning". As you might imagine, given that the 'Data over Cable Service Interface Specification' is produced by CableLabs, an industry R&D and standards organization operated by cable companies; the process is designed for the convenience of the service provider, not for the user.

      Most cable modems do have some sort of web interface, config settings to fiddle with, etc.; but when you connect one to a cable network, after performing the low-level analog black magic required to get a working digital channel up, the modem makes a DHCP request, which the operator CMTS responds to with an IP and a TFTP server address from which the modem downloads a configuration file. The modem then applies that config file, ignoring any manual configuration made, and operates accordingly.

      If you fancy a look at the gory details, here are some links; and there is a software package for playing with being the party doing the provisioning. Punchline is, though, that a successful cable modem connection more or less implies that the cable modem will be operating according to the provider's configuration for the duration of the connection. Depending on whether or not your ISP is a dick about it, you may or may not lose access to http status pages, SNMP, and any other features the modem possesses; but that's all their call. A disconnected cable modem isn't much use; but it will generally show you whatever its firmware has to offer.
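
Some of those gory details, as an added example (not CableLabs' code, not any modem vendor's, and not the software package the comment mentions): the file the modem fetches over TFTP is a flat type-length-value blob, and this Python decodes a constructed one and checks its CM MIC. The TLV type numbers used are the DOCSIS ones (3 Network Access Control, 4 Class of Service with sub-TLVs 2/3 for the downstream/upstream rate caps, 6 CM MIC, 7 CMTS MIC, 9 Software Upgrade Filename, 18 Maximum Number of CPEs); anything else is left uninterpreted, and the sample's firmware name, rates and CMTS MIC placeholder are made up.

```python
"""Decode the DOCSIS configuration file a cable modem pulls over TFTP during
provisioning.  Added example, not CableLabs' or any modem vendor's code; the
sample file is constructed here and only the TLV types listed are interpreted."""
import hashlib
import hmac

TLV_NAMES = {3: "Network Access Control", 4: "Class of Service", 6: "CM MIC",
             7: "CMTS MIC", 9: "Software Upgrade Filename", 18: "Maximum Number of CPEs"}


def parse_tlvs(data):
    """Return [(type, value, offset)] for the items in data, skipping pad bytes
    (type 0) and stopping at end-of-data (type 255)."""
    items, i = [], 0
    while i < len(data):
        t = data[i]
        if t == 0:
            i += 1
            continue
        if t == 255:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated TLV header at offset %d" % i)
        n = data[i + 1]
        value = data[i + 2:i + 2 + n]
        if len(value) != n:
            raise ValueError("truncated TLV %d at offset %d" % (t, i))
        items.append((t, bytes(value), i))
        i += 2 + n
    return items


def summarize(config):
    """Pull out what the subscriber cares about and check the CM MIC, which is
    an unkeyed MD5 over every byte that precedes the CM MIC TLV."""
    info = {"network_access": None, "max_cpe": None, "firmware": None,
            "down_bps": None, "up_bps": None, "cm_mic_ok": False, "tlvs": []}
    for t, v, off in parse_tlvs(config):
        info["tlvs"].append(TLV_NAMES.get(t, "type %d" % t))
        if t == 3:
            info["network_access"] = bool(v[0])
        elif t == 18:
            info["max_cpe"] = v[0]
        elif t == 9:
            info["firmware"] = v.decode("ascii", "replace")
        elif t == 4:
            for st, sv, _ in parse_tlvs(v):      # 2 = max downstream, 3 = max upstream (bps)
                if st == 2:
                    info["down_bps"] = int.from_bytes(sv, "big")
                elif st == 3:
                    info["up_bps"] = int.from_bytes(sv, "big")
        elif t == 6:
            info["cm_mic_ok"] = hmac.compare_digest(hashlib.md5(config[:off]).digest(), v)
    return info


def tlv(t, value):
    return bytes([t, len(value)]) + value


def build_sample(network_access=1, max_cpe=2):
    """Constructed provisioning file: 10 Mbit/s down, 1 Mbit/s up, two CPEs."""
    cos = (tlv(1, b"\x01") + tlv(2, (10_000_000).to_bytes(4, "big"))
           + tlv(3, (1_000_000).to_bytes(4, "big")) + tlv(7, b"\x01"))
    body = (tlv(3, bytes([network_access])) + tlv(4, cos)
            + tlv(18, bytes([max_cpe])) + tlv(9, b"cm-fw-2.1.bin"))
    body += tlv(6, hashlib.md5(body).digest())
    # The CMTS MIC is an HMAC keyed with a secret shared by the provisioning
    # server and the CMTS; the modem cannot check it, so a placeholder stands in.
    body += tlv(7, b"\x00" * 16) + b"\xff"
    return body
```

`summarize(build_sample())` reports network access on, a two-CPE limit, the rate caps and a good CM MIC; flip the Network Access Control byte and the MIC check fails. Note what that check is and is not: the CM MIC is an unkeyed digest, so it catches corruption but anyone who can serve the TFTP file can simply recompute it. The keyed CMTS MIC is what stops a subscriber from feeding the CMTS a config of their own choosing, and that one is verified on the operator's side, which is exactly why the box obeys the provider and not you.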

    12. Re:Requires... by Anonymous Coward · · Score: 0

      I was surprised that after setting a secure admin password the cable company could just bypass it once it was back on their network.

      That's because you've changed the admin password only. Above the admin password is a support password that has more privileges, and then the root password that rules them all. Your ISP holds these other two accounts that aren't visible from the Admin settings.

      Well, yes, but we don't have to worry about those accounts so long as the tens of thousands of ISP employees are all trustworthy.

    13. Re:Requires... by bobbied · · Score: 1

      I believe that your router IS supported by OpenWRT depending on the hardware version you have. I highly recommend OpenWRT. It's a bit more difficult to set up than most commercial offerings, but it's flexible and safe.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    14. Re:Requires... by fuzzyfuzzyfungus · · Score: 1

      I'll have to check again. It wasn't when I pulled it; but that may have changed, and it is still in my reserve drawer.

    15. Re:Requires... by Em+Adespoton · · Score: 1

      Don't forget the ex-employees too... including the ones that were fired with cause.

  5. Re:Oh boy by Anonymous Coward · · Score: 0

    Then why does he not use Windows for all stuff if he believes that Linux is insecure?

  6. Not news... Use better passwords. by NotARealUser · · Score: 5, Interesting

    This is not a story, and not really a Linux problem. The worm relies on weak passwords to execute code. This is about as newsworthy as telling me that car thieves found a way to exploit Fords that have the keys left in them.

    1. Re:Not news... Use better passwords. by gstoddart · · Score: 4, Insightful

      Oh, I don't know ... the steaming shitpile which is the state of security on consumer electronics bears repeating.

      Because apparently it isn't going to go away any time soon.

      --
      Lost at C:>. Found at C.
    2. Re:Not news... Use better passwords. by MobileTatsu-NJG · · Score: 0

      Unless this were a story about Microsoft, then it'd be fair game.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    3. Re:Not news... Use better passwords. by Anonymous Coward · · Score: 1

      Hopefully as people become more aware of such basic weaknesses, vendors will be under pressure to stop shipping devices with default credentials built-in, naively expecting grandmas and grandpas to actually change them.

    4. Re:Not news... Use better passwords. by Anonymous Coward · · Score: 0

      Wait, I thought it was!

        Only a Microsoft user would be stupid enough to leave the router password at default and to allow it to be configured over the internet. :P

    5. Re:Not news... Use better passwords. by countSudoku() · · Score: 3, Funny

      Okay, here you go:

      I routinely "break into" fellow admin's Windows systems when they leave without locking their screen! Fucking Windows!

      --
      This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
    6. Re:Not news... Use better passwords. by Anonymous Coward · · Score: 0

      Well you know, these days "vulnerability discovery" is a form of marketing, and every disclosure has a visibility agenda.

    7. Re:Not news... Use better passwords. by cusco · · Score: 1

      It's not a Linux problem as such, but it is an OS programmer problem because they **allow** default passwords to survive first use without requiring that they be changed.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    8. Re:Not news... Use better passwords. by nickweller · · Score: 1

      @NotARealUser: "This is not a story, and not really a Linux problem. The worm relies on weak passwords to execute code. This is about as newsworthy as telling me that car thieves found a way to exploit Fords that have the keys left in them."

      NO, NO, NO, if it was FORD then it would be referred to as ' cars ' with keys in them get hacked :)

      Especially if FORD were spending a lot of advertising money with the parent publisher :)

    9. Re:Not news... Use better passwords. by clovis · · Score: 1

      This is not a story, and not really a Linux problem. The worm relies on weak passwords to execute code. This is about as newsworthy as telling me that car thieves found a way to exploit Fords that have the keys left in them.

      This is more like "dealerships hide a spare key under every car, but they don't tell the owner".

    10. Re:Not news... Use better passwords. by Anonymous Coward · · Score: 0

      Something tells me you don't know what an "OS" is.

    11. Re:Not news... Use better passwords. by fuzzyfuzzyfungus · · Score: 1

      The fact that there are telnet services listening on WAN ports 15 years after OpenSSH became available makes me suspect that nothing short of a vigorous scourging with nuclear fire could solve the utterly lax approach to even rudimentary security in consumer electronics.

      Well, that and DRM. Tell 'em that the pirates will steal their precious 'premium content' and suddenly they get real interested in security, albeit more in the 'building prisons' than 'building fortresses' sense of the word.

    12. Re:Not news... Use better passwords. by cusco · · Score: 2

      Something tells me that you're too dumb to know how to create a user account, AC. There are plenty of devices that require you to change the password the first time you log into them, there is absolutely no reason NOT to do that except for laziness.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    13. Re: Not news... Use better passwords. by Anonymous Coward · · Score: 0

      Don't worry, it will be a crime soon. Want to look at how something works or if it is secure? Pay for the appropriate federal permits to examine the device that you "own".

    14. Re:Not news... Use better passwords. by SgtAaron · · Score: 1

      Hopefully as people become more aware of such basic weaknesses, vendors will be under pressure to stop shipping devices with default credentials built-in, naively expecting grandmas and grandpas to actually change them.

      That's a big hope :-) When we install new wireless internet service in the various remote locations our customers live in, they purchase a wi-fi router from us and we configure the damn things ourselves. Unless they already have a router, of course, then we check it out and make sure it's locked down. It's the only way to be sure.

    15. Re:Not news... Use better passwords. by dave420 · · Score: 1

      Yes, but that has nothing to do with the OS, as your post seemed to imply. That is what the AC was talking about - your peculiar choice of terms.

    16. Re:Not news... Use better passwords. by Anonymous Coward · · Score: 0

      about as newsworthy as telling me that car thieves found a way to exploit Fords that have the keys left in them

      Well, I'm stumped. Are you going to tell us how such a Ford would be exploited, or are you just going to leave us hanging?

  7. Re:Oh boy by Anonymous Coward · · Score: 0

    Think a bit. Said friend probably uses OS X for everything else. Anyone that thinks Linux (or Windows for that matter) is insecure is probably one of those Mac users. It is pretty obvious these days that most vulnerabilities that can be exploited remotely these days target applications / runtimes (Java, Flash, various browsers, Adobe Reader, etc.) and not the actual OS itself.

  8. This is what we have come to by Anonymous Coward · · Score: 0

    Remember when worms tried to get banking information? Likes, bah! Get off my lawn!

    1. Re:This is what we have come to by Anonymous Coward · · Score: 0

      It's a Millennial worm apparently.

  9. For those who don't want to read. by Anonymous Coward · · Score: 0

    It works by abusing default/weak credentials.

    Shoot me now.

  10. Re:Very funny! by BarbaraHudson · · Score: 1

    I haven't seen Predestination yet, but if it's anything like the short story it was based on, I will definitely like it. It's a real mind-bender. (hum "I'm my own grandpa ...")

    Nobody likes this hijacking crap, but it is what it is ... if there's money in it, the cockroaches will be there.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  11. Time for 2FA for the local router? by mlts · · Score: 2

    I wish more routers came either with a local method of configuration (an onboard touchscreen display like a lot of LTE Wi-Fi routers, USBSerial, or perhaps just a good old fashioned serial port, with a USB dongle and cable.) From there, one could configure some form of 2FA, which does mitigate the aspect of a compromised PC or network.

    1. Re:Time for 2FA for the local router? by Anonymous Coward · · Score: 0

      If that adds a nickel to the price, you can bet nobody will go for it. These things are sold on zero margin as it is.

    2. Re:Time for 2FA for the local router? by fuzzyfuzzyfungus · · Score: 1

      Two-factor auth is so far ahead of the current situation that the risk of 'what if they try to configure the router from a compromised PC?' probably isn't on the radar.

      What I would love to see, though, would be a router that uses some USB or NFC security fob for idiot-proof and robust VPN setups: just imagine: plug the fob into the router, or set it on the NFC pad, press the 'bless' button; and the router would perform the appropriate cryptographic handshaking with the fob, and provide the configuration information for setting up the VPN (URL, VPN type, etc.).

      Then you bring the fob over to a computer or mobile device, hit 'make it so', and the VPN client reads out the config data, makes the appropriate configuration changes, and the fob authenticates the connection. Quick, trivially easy, much more secure than a password or even a certificate file on a USB drive; and you are neatly tunneled back to your home network regardless of the hostile and untrusted networks you may encounter during the day.

      Should you lose the fob; hit the 'unbless all' button and all fobs need to be re-blessed before they can be used (obviously, web or other interfaces to the router could allow more granular and advanced control; but having to re-bless a few fobs is likely to be easier than having to understand a more complex interface for many unsophisticated users, who probably only have a small number of active fobs anyway).

    3. Re:Time for 2FA for the local router? by mlts · · Score: 1

      The blessed fob idea could be used for a lot more than that, assuming BT or NFC connections (for short range items.) Not just for the network connections, but for things like recovering a lost password on a machine.

      As you said, the concept of a physical key is a lot more common, and intuitive to a lot of people, so that might be a way of doing security on a home user basis.

      No, this isn't perfect... but it would help immensely with security and close a lot of remote attack holes.

      Excellent idea.

    4. Re:Time for 2FA for the local router? by fuzzyfuzzyfungus · · Score: 1

      I think that you could bodge together a proof of concept with basically any router and either a smartcard reader that supports CAC-style behavior, or any of the fobs that can do keypair auth (I know YubiKeys can, I haven't done much poking around); but the one snag is that, to my knowledge, there's nothing (at least nothing remotely standard) that does both robust crypto token and just enough writeable storage for the little bit of configuration data that would allow a user without much technical aptitude to autoconfigure a VPN, or trust of a given certificate, or any other use case that requires both the transmission of a small amount of data and robust authentication.

      For myself, I'm interested just because hardware crypto tokens are so strong compared to passwords of any remotely tractable-to-humans complexity, and less vulnerable to untrustworthy clients than doing keypair auth with a private key that lives on a relatively vulnerable computer, rather than never leaving dedicated hardware; but for it to be something useful outside geeks and IT-managed environments, the extra bit of configuration data capability seems like it would be necessary.

      Maybe if I were feeling entrepreneurial...

    5. Re:Time for 2FA for the local router? by Anonymous Coward · · Score: 0

      I too am a fan of hardware crypto tokens. However, it just seems each brand falls short somehow:

      YubiKeys don't seem to have much in the way of hardware tamper protection, as one can split them open to access the PCB pretty easily. If they charged $20 more and had something that was molded from one-piece epoxy potting (and not two halves glued together), I'd trust it better.

      SafeNet eTokens are great for storing keyfiles, as well as cryptographic processing of private/public keys. They are also molded in one piece. However, you can't find drivers for them, because unlike Yubikeys which use a standard USB protocol, one needs special low level USB drivers which are unique to Aladdin/SafeNet.

      Then there are CAC readers and the cards, but good luck getting some smartcards to work with. First thing the suppliers ask is what agency it is for or what contract, and if one states that it is for non-government use, you get turned away with "we don't sell to terrorists".

      Actually, this is a market niche that needs to be filled. Remember the Dallas Semiconductor iButton? This would be pretty close to an ideal standard, and has proven itself rugged over time. The iButton is as close to idiot-proof as one can get. Not perfect, but useful, even if the only thing it does is store a serial number, or do a SHA256 hash with a secret value only the iButton has on it. This could be used via a hashing system, so that the hash+SHA256 value is unique among all the devices the iButton uses.

      I wish they made the Java iButton. Something that was sophisticated enough to do RSA decryption on the chip, as well as store multiple keys.

      The hard part would be getting all the PC makers, including Apple, to agree on a standard, especially if it isn't USB. However, USB is only designed to take 1500 insertion cycles before breaking, so something more robust is needed. All the standard would need is two contacts (as power and signal can be combined), high insertion cycle rating, in a small form factor that can be used even on smartphones. Not easy, but can be engineered.
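
The "blessed fob" replies above and the iButton post share one mechanism: a token holds a secret that never leaves it, and a router only ever sees a hash computed over a challenge with that secret. The following is an added Python sketch of that exchange, written for this thread; it is not code from ESET, Slashdot, any commenter, or any token vendor. The `Token`, `Router`, `bless` and `unbless_all` names are invented, the secret and serial values are constructed, and the per-router key derivation (HMAC-SHA256 of the router's id under the token's master secret) is an assumption chosen so that a response captured at one router is useless at another.

```python
"""Challenge-response between a router and a secret-holding fob.

Added illustration for the thread above, not code from any commenter
or vendor. All class and function names are invented for this sketch.
"""
import hashlib
import hmac
import secrets


class Token:
    """Stands in for a fob/iButton: it holds a master secret and exports
    only HMAC-SHA256 values, never the secret itself."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret  # no method returns this

    def _device_key(self, device_id: bytes) -> bytes:
        # Per-router key derived from the master secret (assumed design):
        # a value learned by one router tells a different router nothing.
        return hmac.new(self._master, b"device-key|" + device_id,
                        hashlib.sha256).digest()

    def enrol_value(self, device_id: bytes) -> bytes:
        # Handed over once, during the physical "bless" step.
        return self._device_key(device_id)

    def respond(self, device_id: bytes, challenge: bytes) -> bytes:
        # HMAC over the router's fresh challenge with the per-router key.
        return hmac.new(self._device_key(device_id), challenge,
                        hashlib.sha256).digest()


class Router:
    """The verifier: stores one per-fob key and issues one-shot challenges."""

    def __init__(self, device_id: bytes):
        self.device_id = device_id
        self._enrolled = {}     # fob serial -> per-router key
        self._outstanding = {}  # fob serial -> challenge not yet answered

    def bless(self, serial: str, token: Token) -> None:
        self._enrolled[serial] = token.enrol_value(self.device_id)

    def unbless_all(self) -> None:
        # The "lost fob" button from the thread: forget every enrolment.
        self._enrolled.clear()
        self._outstanding.clear()

    def challenge(self, serial: str):
        if serial not in self._enrolled:
            return None
        nonce = secrets.token_bytes(32)  # fresh, unpredictable per attempt
        self._outstanding[serial] = nonce
        return nonce

    def verify(self, serial: str, response: bytes) -> bool:
        key = self._enrolled.get(serial)
        # pop(): each challenge is answerable once, so a replayed response fails
        nonce = self._outstanding.pop(serial, None)
        if key is None or nonce is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def login(router: Router, serial: str, token: Token) -> bool:
    """One full round trip: challenge, token response, verification."""
    nonce = router.challenge(serial)
    if nonce is None:
        return False
    return router.verify(serial, token.respond(router.device_id, nonce))


def demo() -> dict:
    """Exercises the genuine path and the three failure modes the thread cares about."""
    fob = Token(master_secret=secrets.token_bytes(32))  # constructed secret
    home = Router(device_id=b"router-serial-0001")       # constructed ids
    other = Router(device_id=b"router-serial-0002")
    home.bless("fob-A", fob)
    other.bless("fob-A", fob)

    results = {"genuine": login(home, "fob-A", fob)}

    # Replay: a captured valid response must not work a second time.
    nonce = home.challenge("fob-A")
    captured = fob.respond(home.device_id, nonce)
    results["first_use"] = home.verify("fob-A", captured)
    results["replay"] = home.verify("fob-A", captured)

    # Cross-device: a response computed for `home` is rejected by `other`.
    nonce2 = other.challenge("fob-A")
    results["cross_device"] = other.verify("fob-A", fob.respond(home.device_id, nonce2))

    # After "unbless all" the fob has to be re-blessed before it works again.
    home.unbless_all()
    results["after_unbless"] = login(home, "fob-A", fob)
    return results


if __name__ == "__main__":
    print(demo())
```

The router never holds the fob's master secret, only a key that is specific to that router, so a compromised or malicious router (the "untrustworthy client" case from the thread) cannot impersonate the fob elsewhere; the one-shot nonce is what stops a captured response from being replayed.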

    6. Re:Time for 2FA for the local router? by Aristos+Mazer · · Score: 1

      Excellent idea. Needs to be tweaked somehow to support phones/tablets that don't have (standard) USB ports. But the idea is good.

    7. Re:Time for 2FA for the local router? by Anonymous Coward · · Score: 0

      Wow. My idea is that in future devices, remote logins could be disabled by moving a jumper inside the router. But your idea is an Austin Powers movie plot by comparison, and I just have to tip my cap. Well done!

  12. Moose and... by Anonymous Coward · · Score: 1

    Will the counter to this be SQUIRREL?

  13. LOL, yea, that song... apk by Anonymous Coward · · Score: 0

    The film lends a whole new bend to "Go Fuck Yourself!" (so does the tune when related to the movie) in its own 'strange way', that's for sure...

    So you know:

    The 2 brothers who did the screenplay said they *tried* to stay REALLY close to the original storyline ("I know where I come from... but where do all YOU 'zombies' come from?") - & Ethan Hawke said, after he read what YOU did "I read it and was like 'wtf did I just read' & it had me hooked!" & he tries to stay with, as he says, unusual storylines material!

    In the end?

    You'll like it, I'm certain (in fact, it makes me want to read the original in fact as you have, it's a Heinlein I never caught (read much of his stuff, liked "Citizen of the Galaxy" the best (Col. Richard Baslim etc. & being "renshawed"))

    I'd like to know what the differences are IF you get the chance between the flick & the story.

    * Anyhow/anyways - the cockroaches eh? Biggest ones of ALL are, imo @ least, RIGHT AT THE 'TOP' OF THINGS (never mind the online scum)...

    APK

    P.S.=> Think about it, look around you, & if you see what I see, you know what I mean - I mean, e.g. - After the "Check 21" legislation, bankers no longer had to verify checks (which makes 'easy pickings' for those "I have a business proposal for you" type scam phish mails for chumps who don't have the sense to validate NSF (non sufficient funds) by bank it's written against, or money order company, via MICR # etc. - now, wouldn't it be EASY if you set the whole Check 21 thing up to then TURN AROUND & do the scamming online too? SURE it would be - it's ALL on the depositor of the funds in whatever form they attempt to deposit, & NOT THE BANK, or the 'scammers' doing it with falsified/fraudulent/stolen checks or other financial paper instruments) - talk about an "inside job" + PROFITING @ both ends... apk

    1. Re:LOL, yea, that song... apk by fisted · · Score: 1

      Has anyone seen a ton of <b> tags? I think he lost his stash.

    2. Re:LOL, yea, that song... apk by Anonymous Coward · · Score: 0

      Fisted's still sore apk made him run forrest run http://games.slashdot.org/comm... and here too http://games.slashdot.org/comm... from a completely fair challenge he issued to you on hosts files, and you ran from it, and all you had was your sockpuppet issued minus moderating to hide the fact you can't prove him wrong on his points on hosts files? Yes.

    3. Re:LOL, yea, that song... apk by weilawei · · Score: 1

      Lay off dude. He's having a reasonable discussion.

    4. Re:LOL, yea, that song... apk by fisted · · Score: 1

      Hahahahahahah. See sibling and what follows.

    5. Re:LOL, yea, that song... apk by fisted · · Score: 1

      I think you forgot to sign that post with your usual signature, my challenged friend.

  14. so poor we can't even pay attention... by Anonymous Coward · · Score: 0

    nobody has any money anymore...

    I wonder where it all went?

  15. New malware that targets weak passwords? by nickweller · · Score: 1

    'the Moose worm [takes advantage of] weakly configured with poorly chosen login credentials.'

    Jeeezus J. Jehovah, is this what slashdot has been reduced to reporting as technical information, a so called WORM can login to devices with weak or default passwords?

  16. Attn. Router Owners by Guy+From+V · · Score: 1

    Just start using any of the open source firmwares that are constantly tweaked and updated (almost to a fault) like Tomato and DD-WRT. They are very flexible and have different flavors to fit your needs and nothing you don't want so as to lessen the target size and entryway vector number and are fully auditable. I recommend the Toastman TomatoUSB vintage with VPN and 5 GHz.

  17. Meanwhile... by Anonymous Coward · · Score: 0

    Windows still leader in malware and virus infections.

  18. Do know what the saddest part is? by CaptainLugnuts · · Score: 1

    That worm code is better documented than anything I've ever worked on.

  19. Re: Very funny! by Anonymous Coward · · Score: 0

    So why don't they mention all the Windows based routers? Oh yeah... nvm.

  20. Not only Linux by DrYak · · Score: 1

    Which raises the question, why is this even news? Is it more Linux/open-source bashing by the commercial OS crowd?

    In fact not all of them even run Linux. AFAIK, Zyxel use their own proprietary OS, called ZyNOS (Zyxel Network Operating System).
    The fact that they are listed here shows that the worm doesn't rely on a Linux vulnerability.

    If Windows Embedded had made any significant inroads as a router OS (haha...) it would probably also be among the vulnerable targets.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Not only Linux by Anonymous Coward · · Score: 1

      Many Zyxel consumer routers seem to use Linux.

  21. Has anyone seen... apk by Anonymous Coward · · Score: 0

    "Fisted"'s real name here, ever? I think he lost his balls! Not that he EVER had any, that is... proof of THAT? Easy, his nature & using his b.s. "handle" here: He's unwilling to stand behind his own words in this life, which speaks WORLDS ABOUT HIM, in & of itself in that 'practice' of worms!

    See - your kind? Ball-less little sneaks

    APK

    P.S.=> You trolls, you're pitiful - that's 1 thing I'll give BarbaraHudson (formerly TomHudson): @ least he/she, despite undergoing 'some changes' STILL HAS THE BALLS TO POST WITH HIS/HER REAL NAMES (& always did, unlike the rest of you stooges around here unwilling to stand behind your own words in this life, which speaks WORLDS ABOUT YOU - your kind? Ball-less little sneaks)... apk

    1. Re:Has anyone seen... apk by fisted · · Score: 1

      This makes me want to cuddle you

    2. Re:Has anyone seen... apk by Anonymous Coward · · Score: 0

      Nope. I saw fisted "run forrest run" http://linux.slashdot.org/comm...

  22. Thank-You weilawei... apk by Anonymous Coward · · Score: 0

    Happens here a lot. He's just another one I've burnt on hosts is all and this is their "effete revenge": Being pests with 50 different sockpuppets fake accounts "his kind" uses to "support themselves".

    That's all - then again, I figure MOST people here are intelligent enough to know "the real deal" on HOW it *really* works on forums like this, & perhaps ESPECIALLY this one with its EASILY CHEATED BY SOCKPUPPETS (especially ones that cater to the 'hive mind open sores pro-*nix' theme largely around here, which honestly? I don't mind... I just do NOT like lies they many times spread here for YEARS like "Windows = vulnerable, Linux = INVULNERABLE", when it was hiding behind 'security-by-obscurity' & the truth is ANDROID showing how much bs that really was - you don't hear that 'mantra' here anymore after ANDROID's NUMEROUS exploitations for a decade now).

    PRICE in being top dog on ANY platform will bring on the exposure to exploit... why? It's where the ill-gotten gains are, since just like PICKPOCKETS?

    "Hacker/Cracker" types do *NOT* go to a room with 1 victim only - they go where the 'greatest surface area' for them is, in crowded thoroughfares like subways, train stations, crowded streets, to max the victim count + THEIR profiteering... Linux is getting a taste of what Windows had for decades now, that's all!

    APK

    P.S.=> See my 'addendum' post after this (can't fit it here, might as well speak my mind on MS screwing up driving me to Linux probably)... apk

  23. ME TOOO!!!! ME TOO!!!!! by Anonymous Coward · · Score: 0

    hey wow They now figured out how to change Bookmarks on an Entire Freaking network without user intervention!! its pin a Crime on the donkey at its FINEST!

  24. Last laugh's mine, fisted... apk by Anonymous Coward · · Score: 0

    See subject: Jokes on you "forrest" here http://games.slashdot.org/comm... & here too http://games.slashdot.org/comm...

    Where despite YOUR b.s. saying I understood nothing technical, it's YOU that ran like a dog with his tail between his legs there vs. a fair challenge I put to you to prove my points in favor of hosts over other "so-called 'solutions'" wrong... you can't & NEVER could, period.

    * :)

    (What's the matter fisted? You "talked the talked" there, but you couldn't "walk the walk"... lmao, no, you RAN instead!)

    APK

    P.S.=> You're TRULY pitiful: You don't seem to realize that by accepting the javascript & cookies here, YOU WERE FORCING YOURSELF INTO "BETA" whereas using hosts + not having a "registered 'luser'" account there makes me FREE of that (& being tracked like a tagged animal, like you)... apk

    1. Re:Last laugh's mine, fisted... apk by fisted · · Score: 1

      It's more because I don't feel like wasting excessive time on dealing with trolls, my dear challenged friend. Go play with your windows. Sheesh.

  25. This makes me laugh @ you Forrest by Anonymous Coward · · Score: 0

    See subject & this http://linux.slashdot.org/comm...

    * :)

    APK

    P.S.=> "Run, Forrest: RUN!!! = fisted, every time... lol!

    ... apk

  26. BS by Anonymous Coward · · Score: 0

  27. "Run, Forrest: RUN!!!" by Anonymous Coward · · Score: 0

    See subject & this http://linux.slashdot.org/comm...

    * :)

    (Always a PLEASURE & a good laugh pointing that out about you 'fisted' (or per my subject above, "Forrest" - LMAO!))

    APK

    P.S.=> Keep "running" Forrest - you make ME look GOOD, & yourself by way of comparison? Well - lol, "not so good" but then again, you're just a forums fake name "ne'er-do-well" NOBODY & you KNOW it... hence your "registered 'luser'" account here since you have NOTHING worth standing up for of your own! apk

    1. Re:"Run, Forrest: RUN!!!" by fisted · · Score: 1

      you make ME look GOOD

      Glad I could help, you seem to desperately need it.

  28. "Rinse, Lather, & Repeat" Forrest by Anonymous Coward · · Score: 0

    http://linux.slashdot.org/comm... & every single time you fools *try* your crap? I gain, large... hugely. At least 50 people @ a time ask for links to my APK Hosts File Engine 9.0++ SR-2 32/64-bit here http://start64.com/index.php?o...

    Every time I smoke one of you 'naysayer trolls, like I have YOU in that 1st link above, Forrest (lol)?

    Then, I get emails galore from folks asking for it & where to get it or praises for the added speed alone @ first usually, & then for security (they don't get infected anymore by ads OR maliciously scripted sites etc.) & what-not...

    It works!

    Simple, just by MY doing what "advertisers" do & using "location, location, location" (Yes, I know their 'jedi mind tricks' from the 1st of 2 degrees I have, MIS BS, & I use it to MY advantage & in turn, give users more speed, security, reliability + even anonymity in return).

    * I'm of service to others, they in turn, are of service to me... everyone involved, gains big.

    (In fact, so do my hosts files data producers. Give you an "example thereof" since I've been USING /. for that purpose since many come here (location, location, location again): MalwareBytes' hpHosts got SO MUCH DEMAND between myself & iirc, AdFree on smartphones, that since I began "pr'ing" my program here, they HAD TO MOVE TO "Un-DDoS'able" AMAZON servers - too much demand resulted!)

    APK

    P.S.=> I'm winning as usual, & you? You're doing YOUR usual, losing, badly (see 1st link above "Forrest", you fail as you always do, but then again seeing as how you use a "registered 'luser'" trackable online SHEEP account here? You know that, don't you?? If not, NOW you do...) apk

  29. "Run, Forrest: RUN!!!" vs. apk by Anonymous Coward · · Score: 0

    STFU n' quit cryin bitch, face the music here http://linux.slashdot.org/comm...

  30. Addendum & why I may go *NIX... apk by Anonymous Coward · · Score: 0

    Anyhow, if MS keeps "f'ing up" like they have Windows VISTA thru 8.1-10? I'll "expire" as "poster child for MS Windows Fanboy of the century" here.

    They even F'd up the HOSTS file in Windows 8x!

    (Probably same in 10: Ballmer wanted to make them an ad power like Google & his kind doesn't CARE if they f'up something good - their GOD, is money, & from it, Power/Control).

    They F'd up a BETTER hosts format from 12/09/2008 onward that was ADDED in Win2k SP2!

    (7-8.x can't use 0 as a valid smaller than 0.0.0.0 blocking address, & certainly better/faster/smaller blocking address than 127.0.0.1)

    Both in internal parse/load speed of hosts by the IP stack + filesize which even their VP of the "Windows Client Performance Division" conceded to me & I let him know it, he agreed, nothing changed http://slashdot.org/comments.p...

    Did the same on Sinofsky's blog - NO change!

    APK

    P.S.=> Regarding hosts? They "F" up hosts like they have in Win8.x into 10? I'll "jump ship" to 'em in a heartbeat since THEY HAVE NOT!

    (Linux does 1 thing I like, in that its caching for DNS requests does NOT 'break down' with larger hosts files, Windows shitty limited in size datastructure they use in their SLOWER than kernelmode (less cpu serviced usermode service actually) dns clientside cache!

    USUALLY, turning that off in 2000/XP/Server2003/7 fixes it... But, not in Win8.x!

    I'll bring APK Hosts File Engine 9.0++ SR-2 32/64-bit http://start64.com/index.php?o... EASILY to Linux + MacOS X too... how??

    Borland/Embarcadero's Delphi Object Pascal.

    It's written in that & ports to MacOS X/ANDROID (possibly Linux soon too, or there's Lazarus & FREE Pascal as an option too) = a 'snap'!

    (Just have to watch hosts location changes, drive letter, & some 'minor' sockets differences in WinSock2 vs. std. *NIX sockets & streaming, maybe some ICMP in it)... apk

  31. When the REAL reason Linux's used is noted? by Anonymous Coward · · Score: 0

    See subject: ONLY real reason it's used is it keeps "per unit cost" down (free OS) & yes, that it's "Open SORES" & easily customized for that purpose...

    * That's why - ever heard the old saying:

    "... the answer to 99/100 questions, is '$'..."

    (This one fits that in the 99 part!)

    OS by this point, imo @ least, are like modern combustion engine vehicles - they're ALL pretty much the same design & they all function, but sometimes, you go the 'budget route' in order to sell something (the OS is just a "stepping stone" partial component in smartphones & routers for instance that use Linux as their OS - it's cheaper, works, & keeps costs per unit of those devices, DOWN... money, talks!)

    Mod this down ALL YOU LIKE, doesn't change the truth -> http://linux.slashdot.org/comm... like you did there to "hide" that truth, scumbags.

    APK

    P.S.=> "Here endeth the lesson", for those of you that don't "get it" that "The HOLY Dollar" makes the world go round (& is the "ROOT", pun intended, of ALL evil - evil, like Linux being used for instance, lol!)... apk

  32. Downmods of truth != effective by Anonymous Coward · · Score: 0

    Here's that truth http://linux.slashdot.org/comm... & you "Pro-*NIX" Penguins know it & IF I can realize it? So does everyone else, despite your misinformation bs you spout + downmods to hide truths like that (money talks, Linux = free KEEPS PER UNIT COSTS DOWN for the "internet of things" & that is the ONLY reason Linux is used more... & the truth of it you're desperately effetely *trying* to "hide" in vain via your bogus downmods of that post).

    APK

    P.S.=> You fools keep shooting yourselves in the foot, apparently *thinking* you can "fool" people with misinformation twisted truths vs. reality (not a 'strong suit' of yours, in thinking, when you all demonstrate to me YOU CANNOT THINK FOR YOURSELF & peel back the onion to see the REAL TRUTH OF THINGS in some puny attempt to "further your own personal agendas"... & by the way judging by the less than 1% of usership worldwide on the desktop, the REAL true measure of things with end users, not on servers or devices where keeping it cheap/ money talks? Linux IS LOSING)

    Largely due to "Windows != Secure, Linux = Secure" bs you ALL SPEWED HERE for years, not anymore, after ANDROID shows clearly otherwise (Linux is used, but to keep costs down ONLY, & especially in companies with tight budgets being run by the BIGGEST CROOKS OF ALL TIME ruining this nation for their 'bonuses' & Golden parachutes + MORE BS like MS saying "nobody is buying PCs" when LENOVO is bursting @ the SEAMS due to the gentrification of Windows & stock buybacks for profit thereof again ruining a good thing in Windows for it so they can gain by it via illusions put onto the rest of us -> http://slashdot.org/comments.p... as I outline it there, prove me wrong, go for it - I'm not as big of an MS fanboy as you think, & he IS why also http://linux.slashdot.org/comm... ))