
(The New York Times)   Do you have a cable box? Congratulations, you may have just been a participant in the largest cyberattack in history   (nytimes.com)
    More: Interesting, internet, nonprofit corporation, Low hanging fruit, Spamhaus  

16498 clicks; posted to Main » on 30 Mar 2013 at 10:24 AM (2 years ago)




Archived thread

 
2013-03-30 12:54:04 PM  
"There is a big possibility that you are part of the problem without even knowing it," said Paul Vixie,

I don't have a cable box, Paul, but you're right. In more ways than you can possibly imagine, you're absolutely right.
 
2013-03-30 12:56:08 PM  

mr_a: "...requires you to call your cable company and tell them that you do not want to be running an open resolver."

What exact planet do these people live on?


This.  I was unaware that cable boxes harbor DNS servers.  Am I mistaken? Mine would not function unless it had the IP address of a remote DNS server.
 
2013-03-30 12:58:04 PM  

c4rr0tc4k3: People still are too stupid to know this was a publicity stunt? There was no cyber attack fools.


Yeah, that's entirely wrong.

Sean M: Holy sheep shiat!  You mean cable boxes can actually do something?  At least the ones Comcrap serves up barely are functional to show TV video, let alone a guide or anything else useful.   They only last for ~6-8 months too.


I dropped AT&T after my sixth cable box in one year went tits up and they informed me they would have to start charging me for any more replacements.
 
2013-03-30 01:01:32 PM  

bondage_donkey: ... yeah. I'm not sure how STBs residing on a captive network used only for DNCS communication for VOD requests, SDV stream joins and iPPV orders somehow get involved in a DDOS out in the real world. Even the new DSG set-tops pass their data through VPN tunnels via encrypted downstream and upstream DOCSIS traffic, I'm not seeing this hack... at least not in the system I work for.





i46.tinypic.com
 
2013-03-30 01:01:48 PM  
graphics8.nytimes.com

Huh, so that's the guy who wrote the crontab utility on my linux boxen. He looks exactly like I thought he would.
 
2013-03-30 01:12:59 PM  
They didn't do this through the goodness of their hearts, but say what you will, I am glad that broadband providers stopped giving all their customers dumb modems with public IPs that hooked up through USB and started providing all-in-one wireless routers that configure NAT by default.

Yes, NAT isn't security, *but* it certainly prevents some of the easier shenanigans.

I know nothing about set-top box programming, (in fact, if someone wants to point me to some good references I'd be most appreciative) but I know it's done very inconsistently through a zillion Chinese vendors... in Java, which... Maybe is not the most secure way to do things.

Engineers should not do software development. Programmers shouldn't design hardware. Both groups should be horsewhipped occasionally by security analysts.
 
2013-03-30 01:14:34 PM  
I can imagine Time Warner tacking on another $5/month for an "open resolver fee".

/switched to Direct last month
//Time Warner can eat a bag of dicks
 
2013-03-30 01:21:37 PM  

germ78: FTFA: Indeed, there are other servers that amplify attacks - including machines called Simple Network Management Protocol (SNMP) servers

I've heard of SNMP... that's where people dress in leather and pee on each other, right?


Remember folks, watersports and home electronics do NOT mix well at all.

/safety is always number one
 
2013-03-30 01:31:09 PM  

Supes: I thought we already figured out a couple days ago that this entire cyber attack story was bullshiat, right?


Possibly, but stories like this breed fear, uncertainty and doubt with clueless CEOs, who in turn pressure their CIOs into buying the latest security products and the staff to run them.

Helps justify IT expenditure, so I'm cool with it.
 
2013-03-30 01:37:26 PM  
Ha! I couldn't even get Insight to understand that the HDMI port on our fancy new HDDVR from them was shot, they'd NEVER understand what I was talking about if I called them about this....
 
2013-03-30 01:56:44 PM  

heypete: BarkingUnicorn: Should be a way to redirect her "critical" clicks to goatse.

Hah. I wish.

HempHead: I go with the theory that it's a PR stunt for Cloudflare and CyberBunker.

Not a single website has been taken offline.

Spamhaus and the CBL, a related site that distributes its data through Spamhaus' feeds, were offline for a while until CloudFlare got things under control -- Spamhaus sought out CF, not the other way around. They could have easily gone with Akamai or some other similar service. There were a lot of grumpy people seeking removal from the lists that were unable to do so due to the attack.

While I admit it's plausible for CloudFlare to have staged some part of it, it seems really unlikely -- they've been on the up-and-up for a while now, so suddenly turning evil/stupid seems a bit odd.

As for Cyberbunker, I'm not sure how it'd be a publicity stunt. "You too can host your business systems in a facility and network well-known to support spam and major attacks!" Doesn't really make sense.




CyberBunker has gotten more publicity than if they had run a Superbowl commercial. I'd never heard of them before, but now I know those guys don't back down to anyone.

And nobody has shown they are responsible for the "attack" if it really is going on.

China/N Korea are responsible for the vast majority of "attacks".
 
2013-03-30 02:00:37 PM  

Day_Old_Dutchie: Possibly, but stories like this breed fear, uncertainty and doubt with clueless CEOs, who in turn pressure their CIOs into buying the latest security products and the staff to run them.


... who then get cut because expenses are too high and IT isn't a profit center and quarterly numbers are down.
 
2013-03-30 02:20:57 PM  

A Shambling Mound: Given how astonishingly poorly most cable boxes are designed this doesn't surprise me in the slightest. It's like Scientific Atlanta Cisco and Motorola have cornered the market on stupid hardware.

 
2013-03-30 02:24:08 PM  
I discovered about a month ago that one of my routers at work was an open resolver.  Just part of the default config, apparently.  Another router from the same company, same model, but different firmware, was just fine.  Really strange.
 
2013-03-30 02:26:44 PM  
Also, old news

Back in 2009 a botnet was found running on German ADSL modems
Ended up the modems ran linux and all used the same admin password, so the worm ran through and gained control.

Of course being flash memory a reboot cleared out the worm and reset the modem

Link
 
2013-03-30 02:28:30 PM  
I'm a cool kid with the no cable crowd but have to add about the cable box we had. The only thing that thing could do well was get entirely too warm, bordering on hot and whizz and grind loudly. I would unplug it if we went on a long day trip because I honestly worried it would catch fire.

What it did poorly was literally everything else - showing TV, recording shows, having a UI that wasn't absolutely awful.

If these hackers figured out how to make use of the damn thing, more power to them.
 
2013-03-30 02:48:07 PM  
zedster:

Also, old news

Back in 2009 a botnet was found running on German ADSL modems
Ended up the modems ran linux and all used the same admin password, so the worm ran through and gained control.

Of course being flash memory a reboot cleared out the worm and reset the modem

Link


One of my favorites was when Verizon rolled out Fios, they gave everyone an off-brand wireless router that was pre-configured with WEP, and a factory-configured SSID.

This was an improvement in terms of 'well, the customer doesn't have to understand these things to have some level of security...'

The downside being that the WEP password was an easily-determined hash of the SSID. In other words, you could get the private info that would lay one's network wide open from the publicly available info with a pretty trivial transform.

BAD idea.
 
2013-03-30 03:32:20 PM  
But there is a silver lining. "I've been waiting for this attack for a long time," Dr. Vixie said, "so that we could tell the earth's population to do something about it."

thelifeinexile.files.wordpress.com
 
2013-03-30 06:16:37 PM  
Too bad for Comcast.  It's on them to update the WAN-side firmware and upgrade their stuff.  I take care of everything on this side.
 
2013-03-30 08:13:06 PM  

semiotix: bondage_donkey: ... yeah. I'm not sure how STBs residing on a captive network used only for DNCS communication for VOD requests, SDV stream joins and iPPV orders somehow get involved in a DDOS out in the real world. Even the new DSG set-tops pass their data through VPN tunnels via encrypted downstream and upstream DOCSIS traffic, I'm not seeing this hack... at least not in the system I work for.


The worst part is, I read it without missing a beat. (fellow cable guy). The writer of the NYT article is a moron.
 
2013-03-31 01:10:13 AM  
You guys are missing the point.
They NEED this kind of setup to measure the Nielsen ratings based on what you watch.


/also for the mic and micro camera
 
2013-03-31 11:36:36 AM  

bondage_donkey: ... yeah. I'm not sure how STBs residing on a captive network used only for DNCS communication for VOD requests, SDV stream joins and iPPV orders somehow get involved in a DDOS out in the real world. Even the new DSG set-tops pass their data through VPN tunnels via encrypted downstream and upstream DOCSIS traffic, I'm not seeing this hack... at least not in the system I work for.

Perhaps the writer is thinking more about things like Roku boxes and the like?


Let's solve for X:

Set Top Boxes
DNCS
Video on Demand
SDV
i Pay per View
Distributed Denial of Service
Digital Subscriber ???
Virtual Private Network
DOCSIS - Fark that but I know it's the protocol that cable modems speak

Thanks for bringing back memories of reading the Cisco CCNA books, this is why networking guys never get invited to the cool parties :P
 
2013-04-01 01:33:44 AM  

BumpInTheNight: bondage_donkey: ... yeah. I'm not sure how STBs residing on a captive network used only for DNCS communication for VOD requests, SDV stream joins and iPPV orders somehow get involved in a DDOS out in the real world. Even the new DSG set-tops pass their data through VPN tunnels via encrypted downstream and upstream DOCSIS traffic, I'm not seeing this hack... at least not in the system I work for.

 
Perhaps the writer is thinking more about things like Roku boxes and the like?
 
Let's solve for X:
 
Set Top Boxes
DNCS
Video on Demand
SDV
i Pay per View
Distributed Denial of Service
Digital Subscriber ???
Virtual Private Network
DOCSIS - Fark that but I know it's the protocol that cable modems speak

 
Thanks for bringing back memories of reading the Cisco CCNA books, this is why networking guys never get invited to the cool parties :P

hoo boy... let's shake off the rust.
STB = correct.
DNCS may as well be Digital Network Command System, for all I know. This box makes the STBs go.
VOD = correct
SDV = switched digital video
iPPV = impulse pay per view
DDOS = correct
DSG = DOCSIS Settop Gateway
VPN is obvious
DOCSIS = Data Over Cable System Interface Specification
 
/am I nerd-boy? yes I fekking am.
 
Displayed 23 of 73 comments
