Hacker News
New worm can infect home modem/routers (apcmag.com)
18 points by davo11 on March 25, 2009 | 3 comments



This article seems a bit confused about how the worm is spread: It is a simple brute-force password attack, targeted at mipsel Linux-based routers.

The post at DroneBL (linked to by the article) seems to be a better read:

http://www.dronebl.org/blog/8


Gotta say, that's pretty interesting. I've become very curious recently about "The Botnet" and just exactly what it is, how it is maintained and what resources it relies on/consumes ... which might be ignorance?

Some purists may be against my referring to what is a distributed and loosely organised menagerie of differently compromised systems as a singular entity, but I find it inspiring to think of this as the common enemy that binds the internet civilisation.

I have heard many a deeply fascinating story about the exploits of this web marauder, such as the well-known Estonia DDoS: http://tinyurl.com/3ashwk

as well as theories that dispute the controlling agents of the botnet, arguing for and against the autonomy of "The Botnet" itself, with some stating its defence mechanisms mirror those of immune systems or other organic systems. (not sure where my reference is for that one)

With this being such a massive force on the internet, what do people know of vigilante justice that seeks to control "The Botnet"? I find it hard to believe that the old-school "white hat hackers" would allow themselves to be pushed aside by this mother of all script kiddies!

I had a quick look around and all I could find was this interesting little morsel: http://tinyurl.com/de4t5l

essentially a distributed proxy shield that (if I'm not mistaken) inverts the tor architecture and incorporates a relatively expensive authorisation to perturb the activity of a botnet attack on a particular server.

But what I'm really looking for is a legitimate attempt to set up some distributed system to attack the botnet itself?

just some food for thought, I thought.


The network equipment producers use the cheapest programmers, who will never ever read the Red Book ( http://www.amazon.com/UNIX-System-Administration-Handbook-3r... ), or the File System Hierarchy Standard, or any other standard.

My mobile phone (Motorola A1200 with MontaVista Linux) has a "root" user with an empty password. It was very non-trivial to change the password, because the root file system is read-only. :-)

IMHO, equipment producers should use persons with experience in both programming and administration (like me ;-) ), or use experienced administrators to review embedded systems before they are shipped to end users.

Government should also try to regulate the minimal acceptable level of security in network-connected devices, because ignorance of these security-related problems creates a huge risk for everybody. Imagine robots which are controlled by hackers. Network devices can steal your credit card number and/or open doors for other trojans. Robots can steal your credit card and/or open the door for breakers.

See also: "Researchers Demo BIOS Attack That Survives Disk Wipes" http://it.slashdot.org/article.pl?sid=09/03/23/1248214



