[ale] researcher's linux worm infects 400 K + devices by TELNET

Jay Lozier jslozier at gmail.com
Thu Mar 21 17:53:20 EDT 2013


On 03/21/2013 03:41 PM, Jim Kinney wrote:
> in short: embedded system MUST be locked down or fully upgradeable.
>
> Basically this guy found a zillion embedded Linux devices and they 
> were all set up stupidly. Crap like telnet running with a root 
> password of root and just boneheaded stuff like that.
>
> It's one of the blowbacks from rapid Linux adoption - idiots make 
> devices with a full OS installed and -WHAM- you've got a root-bot.
>
> Embedded devices are hard to get really right. Probably impossible to 
> get totally secure. SCADA security woes are based on a zillion 
> embedded Windows 98 and XP devices that run utilities and water 
> treatment plants and industrial processes. Full of security holes and 
> not fixable without a hardware refresh (at 4x the cost of the original 
> device).
>
Could the telnet and related packages be removed without causing any 
problems?

Also, how many of these devices need to be connected to the Internet?

One of the problems with the SCADA devices is that the older devices 
were never intended to be connected to something like the Internet. If 
they were connected to any devices, it was to be a local, independent 
control network with no outside connections.

> On Thu, Mar 21, 2013 at 2:56 PM, Ron Frazier (ALE) 
> <atllinuxenthinfo at techstarship.com> wrote:
>
>     Hi all,
>
>     This just came out on the Security Now podcast.  I thought I'd
>     pass it along.  I'll freely admit I don't understand everything
>     discussed.  However, you guys more up on security stuff will be
>     able to research this and act appropriately.  I'll explain this
>     the best I can based on what I heard on the podcast.
>
>     The podcast is entitled Telnet-pocalypse, and he reports on a very
>     serious report by an anonymous White Hat researcher about
>     vulnerable devices.  I have not attempted to verify this
>     information other than what's stated in Steve's podcast and in the
>     report cited, but it appears to be legitimate.
>
>     http://twit.tv/show/security-now/396
>
<snip>


-- 
Jay Lozier
jslozier at gmail.com
