SoylentNews is people
SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.
SoylentNews
posted by
cmn32480
on Thursday October 27 2016, @04:29PM
from the in-Soviet-Russia-products-threaten-you dept.
from the in-Soviet-Russia-products-threaten-you dept.
It follows a product recall from the Chinese electronics firm Hangzhou after its web cameras were used in a massive web attack last week.
The attack knocked out sites such as Reddit, Twitter, Paypal and Spotify.
The Chinese government blamed customers for not changing their passwords.
Its legal warning was added to an online statement from the company Xiongmai, in which the firm said that it would recall products, mainly webcams, following the attack but denied that its devices made up the majority of the botnet used to launch it.
You will like Chinese products, or else.
This discussion has been archived.
No new comments can be posted.
Beijing Threatens Legal Action Over Webcam Claims
|
Log In/Create an Account
| Top
| 33 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
You are a fluke of the universe; you have no right to be here.
(Score: 4, Informative) by edIII on Thursday October 27 2016, @06:06PM
You're correct about the widespread nature of the problem. Not just IoT or consumer devices, but industrial ones too. A major manufacturer of industrial wireless (gigabit wireless links for 20+ miles that are near $10k per pair) completely boned their security for the web interface. With the exploit you could literally walk right in and run code as root. So hackers created a worm and let it loose across the entire infrastructure (multiple, multiple WISPS). Any WISP that had public IPs found their entire network compromised within hours, and this worm was nasty. Not even designed to make a profit or anything, just to destroy the whole network.
A few months after that, I noticed Panasonic said fuck it and turned off the web interface on some new products entirely. You need to use a remote control (DECT phone) to physically press a button to open the web port back up for 30 minutes. SSH disabled by default. So perhaps somebody is finally learning.
I'd give the Chinese a bit of a break though too. The fuckups are globally distributed and exist beyond politics. Meaning, it's not politicians causing it, but greedy executives who refuse to pay for adequate security until something like this happens. So personally, I want to see China take a HUGE MASSIVE fucking hit over this. So big, that corporations around the world simply out of fear of loss profits start taking security just a little bit more seriously.
At this point I'm looking into ssh tunneling all web traffic from the devices. That way there is no open web port at all, and you need to get through well implemented SSH keys before you can establish a tunnel to hit a *local* port. Then run a cron job to randomize the SSH port every 12 hours and report it back to the network management platform. Of course that only works with devices you can get root on in the first place.
From a security standpoint, most devices are DOA and entirely dependent upon something at the network edge to defend them. Internally, they're like tasty sheep or chicken just hoping the foxes and wolves don't get inside.
Technically, lunchtime is at any moment. It's just a wave function.