[ale] researcher's linux worm infects 400K+ devices by TELNET

Jim Kinney jim.kinney at gmail.com
Thu Mar 21 18:30:12 EDT 2013


On Thu, Mar 21, 2013 at 5:53 PM, Jay Lozier <jslozier at gmail.com> wrote:

>  On 03/21/2013 03:41 PM, Jim Kinney wrote:
>
> in short: embedded system MUST be locked down or fully upgradeable.
>
> Basically this guy found a zillion embedded Linux devices and they were
> all set up stupidly. Crap like telnet running with a root password of root
> and just boneheaded stuff like that.
>
> It's one of the blowbacks from rapid Linux adoption - idiots make devices
> with a full OS installed and -WHAM- you've got a root-bot.
>
> Embedded devices are hard to get really right. Probably impossible to get
> totally secure. SCADA security woes are based on a zillion embedded Windows
> 98 and XP devices that run utilities and water treatment plants and
> industrial processes. Full of security holes and not fixable without a
> hardware refresh (at 4x the cost of the original device).
>
> Could the telnet and related packages be removed without causing any
> problems?
>
My understanding is that these devices are burned into ROM and not upgradeable.

>
> Also, how many of these devices need to be connected to the Internet?
>
Directly, and no firewall installed.

>
> One of the problems with the SCADA devices is that the older devices were
> never intended to be connected to something like the Internet. If they were
> connected to any devices, it was to be a local, independent control network
> with no outside connections.
>

But they all got plugged in anyway because it was "easier" to manage them.

<sigh>

This stuff (what a decent SysAdmin does) is really hard to do even
half-assed. Damn near impossible to do it well. Add in the PHB/cheap factor
and it turns into a clusterfook real fast.

>
>
>  On Thu, Mar 21, 2013 at 2:56 PM, Ron Frazier (ALE) <
> atllinuxenthinfo at techstarship.com> wrote:
>
>> Hi all,
>>
>> This just came out on the Security Now podcast. I thought I'd pass it
>> along. I'll freely admit I don't understand everything discussed.
>> However, you guys more up on security stuff will be able to research this
>> and act appropriately. I'll explain this the best I can based on what I
>> heard on the podcast.
>>
>> The podcast is entitled Telnet-pocalypse, and he reports on a very
>> serious report by an anonymous White Hat researcher about vulnerable
>> devices.  I have not attempted to verify this information other than what's
>> stated in Steve's podcast and in the report cited, but it appears to be
>> legitimate.
>>
>> http://twit.tv/show/security-now/396
>>
>>   <snip>
>
>
> --
> Jay Lozier jslozier at gmail.com


-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://electjimkinney.org
http://heretothereideas.blogspot.com/