Crazy how we are talking about this like a weather event, like it's just an unfortunate outage. Cyberattacked by whom? How? What vulnerabilities allowed the intrusion and what organizational processes created those vulnerabilities?
Naturally the people who know these answers are very busy today but hopefully we will hear more soon.
That probably is the better way to see it at this point. There's already enough bad actors out there that it's not really worth keeping track.
I'd be willing to bet that they have comprehensively sloppy and terrible infosec practices and that we'll never hear any details about it - most of their customers wouldn't understand, and it would only expose how bad they are at all of this if they did.
> Naturally the people who know these answers are very busy today but hopefully we will hear more soon.
Most of us don't actually know the answer, to be honest. They're not telling 6500 employees what really happened. I know more than you, but not that much more, and I'm definitely not saying anything about it.
It depends. The tr069 managed devices are typically router wifi combo type devices. If you can get a dumb modem that would would likely remove any tr069 vulnerabilities.
The firmware on whatever is doing docsis is going to be updatable by the ISP generally.
Two different mechanisms. The tr069 management and snmp triggered firmware upgrade
I think the attack described in the article is still possible in this setting, where the modem is in the middle of your unencrypted http traffic. This is true of any equipment belonging to the isp
However, I would assume no unencrypted traffic is safe anyway, and the modem would indeed not have access to your internal network.
Naturally the people who know these answers are very busy today but hopefully we will hear more soon.
reply