
Posted

I wouldn't call this a new worm, or a new style of attack vector. Picking out system defaults & trying to leverage them doesn't take a great deal of skill. As the article states, "The worm is designed to take advantage of an 18-month-old vulnerability in the OS that presents a Web interface to users for setting it up.", not very innovative. I've been a Sysadmin where Linux and other Open Source operating systems & associated application software have been the mainstay for almost 20 years & you bet Linux has vulnerabilities. You have to update it & configure it properly or it's just as vulnerable as anything else out there. The nice thing about the Open Source community: it's a vibrant community that responds quickly to software bugs & issues fixes quickly. Again, anything improperly configured sitting on the Internet, whether it be Linux, MAC, *BSD, or some sort of Microsoft Windows, is likely to suffer a cruel fate, though usually it's the hosted application software that is hacked first. Update firmware, run the latest Anti-Virus updates, build tiered operating environments and zones, implement restrictive group policies, monitor internal network traffic just as much as you do the external traffic & constantly review security advisements from trusted sources; that is my advice.

Posted

I wouldn't be surprised if that page/article was sponsored by Microsoft.

It is not a vulnerability to present a webpage for setup; it is a stupid decision to not have the machine refuse to initialise its WAN port or allow the user to access any outside traffic until they are forced to change to a non-standard password.

It would be no different if it was a pfsense or a monowall (both based on FreeBSD) or an IOS XR (based on QNX) or a ... presented a webconfigurator and didn't enforce proper security procedures. After all, POSIX compliant OS aren't that hard to write a generic script to own them in totality as certain toolchains are expected; certain paths are followed, etc.

Posted

Not one operating system is secure if the operator / user doesn't take basic security measures. I think that everyone with a bit of knowledge about computers knows it's not smart to keep the default password for an ADSL/router connected to the Internet.

With default passwords unchanged, it doesn't matter what operating system the device runs or what security measures you take; if a hacker knows your password, you have a problem.

I always had the idea that unwanted traffic on a Thai provider's IP address was very low, but since I installed a little server at my home and opened port 80 to be redirected to this server to serve a little website (on which I can track web and visitor traffic), I found out that a lot of visitors come on a daily basis and they do not come from the Dynamic DNS provider I use to connect my server to the Internet. Which means that people are actually testing IP addresses in Thailand to see if they can hack into something... After I found that I had lots of unwanted visitors I also activated the activity log in my router to see what happens, and I found that about twice a week somebody does a port scan of my IP address (apparently to see if I have any open ports).

At the moment only port 80 is open on the router and that is redirected to my home server... so I don't worry too much... but how many people in Thailand still connect to the Internet with a simple ADSL modem or haven't enabled the firewall in the router... or even worse, have not changed the default password.
