Forum Index > Full Moon Saloon > If you want to read about the recent internet outage
 Reply to topic
Previous :: Next Topic
Author Message
Joey
verrry senior member



Joined: 05 Jun 2005
Posts: 2794 | TRs | Pics
Location: Redmond
Joey
verrry senior member
PostSun Oct 23, 2016 8:21 am 
Below is a link to a good place to start. The article has links to more info. Various 'things' connected to the internet (mostly web cams) got infected with malware because the default username and password was never changed. Of course the bad guys know those defaults. Many of those 'things' also allow communication over the internet via SSH and/or Telnet. The default username and password for SSH or Telnet access to the device might be (1) different than the username and password for the web interface and (2) hardcoded in the firmware in the device. https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/

Back to top Reply to topic Reply with quote Send private message
Sore Feet
Member
Member


Joined: 16 Dec 2001
Posts: 6304 | TRs | Pics
Location: Out There, Somewhere
Sore Feet
Member
PostSun Oct 23, 2016 10:52 am 
This is the big takeaway that needs to be addressed right now if the Internet of Things is to continue:
Quote:
“The issue with these particular devices is that a user cannot feasibly change this password,” Flashpoint’s Zach Wikholm told KrebsOnSecurity. “The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”
As far as I'm concerned, the super minor convenience being offered by internet-connected household appliances and gadgets like Thermostats, Washing Machines, Refrigerators and such are vastly outweighed by the potential pitfalls of security holes like this. DVRs and Wifi enabled TVs are another story given how much of that content is delivered and accessed via the internet now, but the same concerns still remain. The companies who make these products really need to be held responsible for selling vulnerable products.

Back to top Reply to topic Reply with quote Send private message
Joey
verrry senior member



Joined: 05 Jun 2005
Posts: 2794 | TRs | Pics
Location: Redmond
Joey
verrry senior member
PostThu Oct 27, 2016 7:31 am 
Here is an Oct 16th post from Krebs that does a good job of stating the problem in the first few paragraphs. https://krebsonsecurity.com/2016/10/senator-prods-federal-agencies-on-iot-mess/#more-36785

Back to top Reply to topic Reply with quote Send private message
Randito
Snarky Member



Joined: 27 Jul 2008
Posts: 9495 | TRs | Pics
Location: Bellevue at the moment.
Randito
Snarky Member
PostThu Oct 27, 2016 8:05 am 
I'm sure there are engineers in many companies that are uttering something like this at this point.
Quote:
A security review was on the "to do" list, but marketing cut it in order meet the schedule so the product could be available on "Black Friday".

Back to top Reply to topic Reply with quote Send private message
Joey
verrry senior member



Joined: 05 Jun 2005
Posts: 2794 | TRs | Pics
Location: Redmond
Joey
verrry senior member
PostThu Oct 27, 2016 8:24 am 
The 'big picture' scary thing is the devices (web cams, etc) that are infected with the malware are (1) still infected, (2) still conected to the internet, (3) still unfixable and (4) the malware in the devices can be told anytime to do more harm. There are components in those products that have firmare that (1) allows access to the component from anywhere on the planet via telnet, (2) has telnet turned 'on' and (3) includes a default username and password hardcoded in the firmware. The bad guys and gals know those defaults and the SOL enduser has no way to change the firmware.

Back to top Reply to topic Reply with quote Send private message
cdestroyer
Member
Member


Joined: 14 Sep 2015
Posts: 1249 | TRs | Pics
Location: montana
cdestroyer
Member
PostThu Oct 27, 2016 7:50 pm 
some but not all web cameras can be flashed with new firmware. anyone who wants to try should check out the manufacturers site. also if the camera is attached to a pc and the internet via broadband modem and is more than likely usb then a second router can be installed and the camera plugged into that router, this would make the camera invisible to the internet....it is a bit tricky to do so you need to search the web for info but it can be done..also this method can be used to extend the range of any broadband modem/router and eliminate blind spots in your home...information is available on the web.. addendum this site might help http://lifehacker.com/how-to-extend-your-wi-fi-network-with-an-old-router-915783308 ha... i just reread this article and I guess I made a boo boo...usb and ethernet are not one and the same so you would need another pc ...my bad further info: this will still work to hide your pc and anything attached to it by using an older router attached to your broadband modem via ethernet or even wireless.....your isp provider may have restrictions on such an arrangement....and then again since I have done this once ......

Back to top Reply to topic Reply with quote Send private message
   All times are GMT - 8 Hours
 Reply to topic
Forum Index > Full Moon Saloon > If you want to read about the recent internet outage
  Happy Birthday noahk!
Jump to:   
Search this topic:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum