Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
IoT
#1
#IOT   OK, it's one of the latest fads.  Yeah,  it's right up their with mood rings and pet rocks wrt actual utility. Tongue 
It's also the hotbed of "all your appliances are, belong to us. - H3x0rs"

https://www.weforum.org/agenda/2016/10/h...berattacks


http://www.securityweek.com/over-500000-...rai-botnet

Telnet is evil, man.
---Value Added Cool
Reply
#2
I bet you want us to get off your lawn, too, old man? Tongue
#MakeTheDemocratsGreatAgain
Reply
#3
(10-17-2016, 11:56 PM)Ragnarök_62 Wrote: #IOT   OK, it's one of the latest fads.  Yeah,  it's right up their with mood rings and pet rocks wrt actual utility. Tongue 
It's also the hotbed of "all your appliances are, belong to us. - H3x0rs"

https://www.weforum.org/agenda/2016/10/h...berattacks


http://www.securityweek.com/over-500000-...rai-botnet

Telnet is evil, man.

Yep, and those new devices tend to be a lot more judicious with their network traffic. I run Wireshark on my home network every so often just to make sure nothing has transformed into the walking dead and the most active "talker" on my network is the fucking Roku player. Why it believes it need to send out an ARP request every 15 seconds (literally just making SURE it should STILL be using the same IP address) I just don't know. If I had to guess it's just laziness in the programming or the simplicity of the operating system running a dumb device that is expected to be online at all times, no questions asked (But mah Netflix isn't streaming fast enough!). Compromising those devices will be manna from heaven.

Like everything else though, the shit show will be fun to watch.  Cool
The single despot stands out in the face of all men, and says: I am the State: My will is law: I am your master: I take the responsibility of my acts: The only arbiter I acknowledge is the sword: If any one denies my right, let him try conclusions with me. -- Lysander Spooner
Reply
#4
(10-21-2016, 10:11 PM)Copperfield Wrote:
(10-17-2016, 11:56 PM)Ragnarök_62 Wrote: #IOT   OK, it's one of the latest fads.  Yeah,  it's right up their with mood rings and pet rocks wrt actual utility. Tongue 
It's also the hotbed of "all your appliances are, belong to us. - H3x0rs"

https://www.weforum.org/agenda/2016/10/h...berattacks


http://www.securityweek.com/over-500000-...rai-botnet

Telnet is evil, man.

Yep, and those new devices tend to be a lot more judicious with their network traffic.

It's an marriage of stupidity.  IoT vendors consider security as afterthought, if that. I mean telnet?  Really.
I bet there's no forced passwd change either when folks get those devices out of the box.  If they run Linux, that can be done.  


I run Wireshark on my home network every so often just to make sure nothing has transformed into the walking dead and the most active "talker" on my network is the fucking Roku player.


I have Aide for checking file system changes, AppArmor and John the Ripper to make sure I use good passwds. I don't think I need something as complex as Wireshark since my box is just a personal PC.  I just use ufw and have a default DENY policy.  The shit that's open for email and DNS has exact rules pointing to my email/DNS/poker servers.

Why it believes it need to send out an ARP request every 15 seconds (literally just making SURE it should STILL be using the same IP address) I just don't know.

Looks like a loop iterator error. Big Grin  Does this sound about right? The arp call should be outside the loop and invoked only once.


I think it's again just horrible programming. What's wrong with :

Turn on device:  code in rough form:
main (argv,argc) {
#include<stdio.h>
#include<sys/reboot.h>
#
# make arp call only once outside of loop
#
#use this shit: http://lxr.free-electrons.com/source/net/ipv4/arp.c
#
# Now handle streaming or whatever
#
while (1) {
do device stuff here
#
# check for off button pressed
#
http://www.c-sharpcorner.com/uploadfile/...n-C-Sharp/
if (device.off == 1) {
#
# safe reboot / change to halt
# http://stackoverflow.com/questions/10585...-file-loss-# created-by-the-progra
#

Code:
pid_t halt_pid;
if( 0 == (halt_pid = fork()) ) {
   execlp("/sbin/halt", "/sbin/halt", NULL);
   exit(1); /* never reached if execlp succeeds. */
}
if( -1 == halt_pid ) {
   /* fork error... deal with it somehow */
}
int halt_status;
waitpid(reboot_pid, &reboot_status, 0);
if( !WIFEXITED(halt_status) ) {
   /* halt process did not exit sanely... deal with it somehow */
}
if( 0 != WIFEXITSTATUS(halt_status) ) {
   /* halt process exited with error;
    * most likely the user lacks the required privileges */
}
else {
   fputs("halt call sucessfull -- system is about to shutdown.");
   /* The init system is now shutting down the system. It will signals all
    * programs to terminate by sending SIGTERM, followed by SIGKILL to
    * programs that didn't terminate gracefully. */
}

  
}  /* end while loop */

}  /* end crappy program snips from interwebs search by Rags here */


If I had to guess it's just laziness in the programming or the simplicity of the operating system running a dumb device that is expected to be online at all times, no questions asked (But mah Netflix isn't streaming fast enough!).

<sour grapes by Rags>   cheap H1-B or outsourced coding </sour grapes by Rags >




Compromising those devices will be manna from heaven.


Oh you bet.

Internet DDOS outage map.
[Image: screen-shot-2016-10-21-at-10-07-47-am.png?w=680&h=341]


Like everything else though, the shit show will be fun to watch.  Cool


I agree. Just look at the map.  H3x0rs hate blue states !   Big Grin  I wonder what Eric has to say about this.

*Texas.  Texas is big, so they whacked the blue part of Texas.


*The coming shit storm:


:: Rags passes some popcorn to Copperfield :: [Image: icon_smile_popcorn.gif]
---Value Added Cool
Reply
#5
The Blue areas are where most of the people are, Rags!  Tongue
#MakeTheDemocratsGreatAgain
Reply
#6
(10-22-2016, 08:24 AM)Odin Wrote: The Blue areas are where most of the people are, Rags!  Tongue

Uh, how come highly populated Europe isn't all red from H3xors?
---Value Added Cool
Reply
#7
Rags, I always knew the election was rigged against us. Trump told me so.
"I close my eyes, and I can see a better day" -- Justin Bieber

Keep the spirit alive;
Eric M
Reply
#8
http://www.zerohedge.com/news/2016-10-21...-dyn-warns

So the shit show begins. Dunno if a local DNS would help....

https://ubuntuforums.org/showthread.php?t=236093
---Value Added Cool
Reply
#9
Eric the Green Wrote:Rags, I always knew the election was rigged against us. Trump told me so.

I think that only applies to E-ballots.  Rag's solution is to use paper ballots everywhere.   Oklahoma uses paper ballots. The warning shots have been fired. There is no excuse for E-ballots, Diebold machines, etc.


If any jurisdiction is using e-voting, you've been warned. You certainly run the risk of severe disruption by IoT. Cool
Trump is a shade of meaning off. The word is "disrupted", not "rigged".

https://en.wikipedia.org/wiki/Electronic_voting
---Value Added Cool
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)