(The New York Times)   Do you have a cable box? Congratulations, you may have just been a participant in the largest cyberattack in history   (nytimes.com)
    More: Interesting, internet, nonprofit corporation, Low hanging fruit, Spamhaus  

16472 clicks; posted to Main on 30 Mar 2013 at 10:24 AM (1 year ago)



Voting Results (Smartest)


Archived thread
2013-03-30 11:33:24 AM
5 votes:

From the article:


But the real enablers of the attack were the operators of more than 27 million computers around the globe who left their equipment wide open to a motivated attacker. Those enablers are not just companies, but regular people with home cable boxes.


No, I'm not. The cable company owns the box in my home. They manage it. They update the software on it. They monitor its traffic. I have no say on how it is managed, how it is configured, and don't have any access to the box's OS.
2013-03-30 11:12:01 AM
3 votes:
Given how astonishingly poorly most cable boxes are designed this doesn't surprise me in the slightest. It's like Scientific Atlanta and Motorola have cornered the market on stupid hardware.

That's not even getting into the user interfaces these things use, or the design of the remote. You have to assume they start with a decent, workable design and then start screwing it up one step at a time and removing sensible features until it's nearly un-usable, then ship it.
2013-03-30 10:48:08 AM
3 votes:

gweilo8888: You mean the cyber attack that had no impact outside the company being attacked?

http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie


There is a rather interesting response from a netops guy at nlayer, a major network provider, that explains that while such attacks are unlikely to cause issues for major providers with direct links to each other, it can cause problems for various internet exchange points as they tend to involve a lot of smaller networks that may get more easily saturated.
2013-03-30 02:28:30 PM
2 votes:
I'm a cool kid with the no cable crowd but have to add about the cable box we had. The only thing that thing could do well was get entirely too warm, bordering on hot and whizz and grind loudly. I would unplug it if we went on a long day trip because I honestly worried it would catch fire.

What it did poorly was literally everything else - showing TV, recording shows, having a UI that wasn't absolutely awful.

If these hackers figured out how to make use of the damn thing, more power to them.
2013-03-30 02:26:44 PM
2 votes:
Also, old news

Back in 2009 a botnet was found running on German ADSL modems
Ended up the modems ran linux and all used the same admin password, so the worm ran through and gained control.

Of course being flash memory a reboot cleared out the worm and reset the modem

Link
2013-03-30 12:08:06 PM
2 votes:
... yeah. I'm not sure how STBs residing on a captive network used only for DNCS communication for VOD requests, SDV stream joins and iPPV orders somehow get involved in a DDOS out in the real world. Even the new DSG set-tops pass their data through VPN tunnels via encrypted downstream and upstream DOCSIS traffic, I'm not seeing this hack... at least not in the system I work for.

Perhaps the writer is thinking more about things like Roku boxes and the like?
2013-03-30 11:50:36 AM
2 votes:

c4rr0tc4k3: People still are too stupid to know this was a publicity stunt? There was no cyber attack fools.


A publicity stunt for who? Spamhaus? Pretty much everyone already knows about them. They have no reason to lie, and their service was substantially degraded for a while.

CloudFlare? Maybe, but they're already pretty well-known for doing what they do, so why would they make false claims about an attack? While it's plausible for them to lie as a publicity stunt, it seems like something that would be easily verified and not really in line with their past actions.

There clearly was an attack, and various third-party network providers have confirmed it. It was not as devastating as the news media made it out to be, but it's still an impressively large attack.
2013-03-30 11:45:09 AM
2 votes:

A Shambling Mound: Given how astonishingly poorly most cable boxes are designed this doesn't surprise me in the slightest. It's like Scientific Atlanta and Motorola have cornered the market on stupid hardware.


That's because the cable company is the real customer, not the home user. The goals of the box are control and monetization, not providing services you really want or even really being secure other than protecting content.
2013-03-30 10:59:29 AM
2 votes:
FTFA: "But the real enablers of the attack were the operators of more than 27 million computers around the globe who left their equipment wide open to a motivated attacker. Those enablers are not just companies, but regular people with home cable boxes. "There is a big possibility that you are part of the problem without even knowing it," said Paul Vixie, chairman of the Internet Software Consortium, a nonprofit company responsible for the software used by many of the servers that power the Internet.


"The real enablers of rape aren't the rapists, but the companies who make their clothing so skimpy as to be wide open to a motivated attacker. Those enablers are not just companies, but regular people who wear those sexy, skimpy clothes. There is a big possibility that you are part of the problem without even knowing it," said Paul Vixie, some random asshat who sounds like he had one too many drinks and made some bad choices with his brother's underage daughter.
2013-03-30 10:40:16 AM
2 votes:
My cable modem is a fairly stupid bridge between the cable network and ethernet. It has no DNS capabilities whatsoever. Isn't this fairly standard? Why the hell would a cable modem need anything to do with DNS?

Even cable modem/router combos, as often provided by ISPs, shouldn't have any public-facing services -- sure, have a caching DNS resolver on the LAN side, but not on the WAN. To do otherwise is negligently stupid (which is par for the course for cable companies).

What the hell, people?
2013-03-30 10:35:23 AM
2 votes:
All ISP supplied equipment should have a firewall on it enabled by default. There is no excuse for any which don't.
2013-03-30 07:38:20 AM
2 votes:
you may have just been a participant in the largest cyberattack in history

You mean the cyberattack that had no effect on 99.999% of the internet?
2013-03-30 08:13:06 PM
1 votes:

semiotix: bondage_donkey: ... yeah. I'm not sure how STBs residing on a captive network used only for DNCS communication for VOD requests, SDV stream joins and iPPV orders somehow get involved in a DDOS out in the real world. Even the new DSG set-tops pass their data through VPN tunnels via encrypted downstream and upstream DOCSIS traffic, I'm not seeing this hack... at least not in the system I work for.


The worst part is, I read it without missing a beat. (fellow cable guy). The writer of the NYT article is a moron.
2013-03-30 03:32:20 PM
1 votes:
But there is a silver lining. "I've been waiting for this attack for a long time," Dr. Vixie said, "so that we could tell the earth's population to do something about it."

2013-03-30 02:48:07 PM
1 votes:
zedster:

Also, old news

Back in 2009 a botnet was found running on German ADSL modems
Ended up the modems ran linux and all used the same admin password, so the worm ran through and gained control.

Of course being flash memory a reboot cleared out the worm and reset the modem

Link


One of my favorites was when Verizon rolled out Fios, they gave everyone an off-brand wireless router that was pre-configured with WEP, and a factory-configured SSID.

This was an improvement in terms of 'well, the customer doesn't have to understand these things to have some level of security...'

The downside being that the WEP password was an easily-determined hash of the SSID. In other words, you could get the private info that would lay one's network wide open from the publicly available info with a pretty trivial transform.

BAD idea.
2013-03-30 01:21:37 PM
1 votes:

germ78: FTFA: Indeed, there are other servers that amplify attacks - including machines called Simple Network Management Protocol (SNMP) servers

I've heard of SNMP... that's where people dress in leather and pee on each other, right?


Remember folks, watersports and home electronics do NOT mix well at all.

/safety is always number one
2013-03-30 01:01:48 PM
1 votes:
Huh, so that's the guy who wrote the crontab utility on my linux boxen. He looks exactly like I thought he would.
2013-03-30 01:01:32 PM
1 votes:

bondage_donkey: ... yeah. I'm not sure how STBs residing on a captive network used only for DNCS communication for VOD requests, SDV stream joins and iPPV orders somehow get involved in a DDOS out in the real world. Even the new DSG set-tops pass their data through VPN tunnels via encrypted downstream and upstream DOCSIS traffic, I'm not seeing this hack... at least not in the system I work for.





2013-03-30 12:58:04 PM
1 votes:

c4rr0tc4k3: People still are too stupid to know this was a publicity stunt? There was no cyber attack fools.


Yeah, that's entirely wrong.

Sean M: Holy sheep shiat!  You mean cable boxes can actually do something?  At least the ones Comcrap serves up barely are functional to show TV video, let alone a guide or anything else useful.   They only last for ~6-8 months too.


I dropped AT&T after my sixth cable box in one year went tits up and they informed me they would have to start charging me for any more replacements.
2013-03-30 12:54:04 PM
1 votes:
"There is a big possibility that you are part of the problem without even knowing it," said Paul Vixie,

I don't have a cable box, Paul, but you're right. In more ways than you can possibly imagine, you're absolutely right.
2013-03-30 12:44:45 PM
1 votes:
Holy sheep shiat!  You mean cable boxes can actually do something?  At least the ones Comcrap serves up barely are functional to show TV video, let alone a guide or anything else useful.   They only last for ~6-8 months too.
2013-03-30 12:42:32 PM
1 votes:

BarkingUnicorn: Should be a way to redirect her "critical" clicks to goatse.


Hah. I wish.

HempHead: I go with the theory that it's a PR stunt for Cloudflare and CyberBunker.

Not a single website has been taken offline.


Spamhaus and the CBL, a related site that distributes its data through Spamhaus' feeds, were offline for a while until CloudFlare got things under control -- Spamhaus sought out CF, not the other way around. They could have easily gone with Akamai or some other similar service. There were a lot of grumpy people seeking removal from the lists that were unable to do so due to the attack.

While I admit it's plausible for CloudFlare to have staged some part of it, it seems really unlikely -- they've been on the up-and-up for a while now, so suddenly turning evil/stupid seems a bit odd.

As for Cyberbunker, I'm not sure how it'd be a publicity stunt. "You too can host your business systems in a facility and network well-known to support spam and major attacks!" Doesn't really make sense.
2013-03-30 11:50:24 AM
1 votes:
If that was the biggest cyber-attack in history, then we have nothing to worry about.
2013-03-30 11:49:51 AM
1 votes:

Joe Peanut: From the article:


But the real enablers of the attack were the operators of more than 27 million computers around the globe who left their equipment wide open to a motivated attacker. Those enablers are not just companies, but regular people with home cable boxes.


No, I'm not. The cable company owns the box in my home. They manage it. They update the software on it. They monitor its traffic. I have no say on how it is managed, how it is configured, and don't have any access to the box's OS.


You ever notice a lot of "tech" writers for the general media are completely ignorant?
2013-03-30 11:36:29 AM
1 votes:

heypete: Just a bit. :)

Sounds about what I expected it to be. I just wish there was a reasonable "escalate to people who know what they're doing" button, though I can imagine it'd be massively abused.

/used to do IT for a university department, we had one user who constantly filed CRITICAL tickets. These were normally reserved for things that required immediate attention, like a server on fire, and paged the on-duty IT staff. Her critical tickets were normally for things like "printer is out of paper", "mouse is unplugged", "how do I open this file I received in Outlook", etc. Gah!


Yup that's the double-edged sword right there, that ISP wasn't the only center I worked in and yah the smaller/better ones did have that ability and it was appreciated by everyone involved.  I wouldn't expect that from a run of the mill ISP tech support and its chosen call center management company du jour though, that's for sure.  Despite being bitter I do look back on that job and take away the positives:  Fresh out of school I thought I was good to go gimmie the million dollar servers and I'll admin them like a champ, it took a few years working the trenches at the ISP and then both the major PC vendors to realize how little I actually knew and needed to know and most importantly there will always be things I don't know and it's okay because I can learn those things too.
2013-03-30 11:20:58 AM
1 votes:

DubtodaIll: I have been having an issue with my Comcast internet this morning.  Only a few pages were loading but most of the internet was unavailable.  The only pages that would load are Google, Youtube, Facebook, and Fark.  Seems to be working fine now though.


reboot your modem, Comcast has been doing some upgrades and that's been causing some issues
2013-03-30 11:12:44 AM
1 votes:

heypete: Heh. I remember emailing Cox a while back because their recursive DNS servers were rewriting TTLs to 30 seconds (regardless of what the authoritative server specified as the TTL). This resulted in considerably higher DNS traffic as less stuff was being cached. Not a good thing. I sent them an email saying that their tier 1 support guys couldn't answer it and asked that they forward the message onto the relevant network admins who manage the DNS servers.

I got a reply back the next day saying "We're sorry to hear you're having trouble setting up your wireless network. Here's some instructions for configuring certain wireless routers..."

At that point I gave up and switched to Google Public DNS.


I'm not surprised at all, having worked 1st level tech support for such an ISP before moving on to greener pastures I can picture how that was received:  First level person stares at it for like, 15 minutes, trying to figure out what authoritative server means because they can't even google it due to the overly protective proxy rules.  They ultimately either throw a canned response at it and try to forget it ever showed up or they bring it to their floor-expert, someone who's just smart enough to figure out how to get off the front line but hasn't the will, ability or experience yet to get a better job somewhere else.  That person either fluffs it off or if they are still new to the position and understand the contents might try to approach their manager.  The manager at best will suggest it gets brought up in the next conference call with the client (the ISP itself), next month, but they won't even write it down because they know it won't get past the client relations people on the other end and the closest thing to a technical person on the call is the QA lackey who's only there to take the customary brow beating on behalf of yet another front liner chosen to be sacrificed to the call flow metric gods.  There is such a purposeful and heavy disconnect between the clients and the call centers that yah nothing outside of that tight little support scope they're paid to deal with will ever see the light of day.

/do I sound bitter?  Yah that was pretty bitter sounding wasn't it :P
//soooooo glad to have moved on from that bullshiat, all of it
2013-03-30 10:57:02 AM
1 votes:

skinink: Call Comcast customer service and tell them I do not want to be running an open resolver? Hell, they can't handle basic technical requests and I'm supposed to be comfortable discussing resolvers with them?


Heh. I remember emailing Cox a while back because their recursive DNS servers were rewriting TTLs to 30 seconds (regardless of what the authoritative server specified as the TTL). This resulted in considerably higher DNS traffic as less stuff was being cached. Not a good thing. I sent them an email saying that their tier 1 support guys couldn't answer it and asked that they forward the message onto the relevant network admins who manage the DNS servers.

I got a reply back the next day saying "We're sorry to hear you're having trouble setting up your wireless network. Here's some instructions for configuring certain wireless routers..."

At that point I gave up and switched to Google Public DNS.
2013-03-30 10:54:08 AM
1 votes:
Call Comcast customer service and tell them I do not want to be running an open resolver? Hell, they can't handle basic technical requests and I'm supposed to be comfortable discussing resolvers with them?
2013-03-30 10:39:06 AM
1 votes:
I have been having an issue with my Comcast internet this morning.  Only a few pages were loading but most of the internet was unavailable.  The only pages that would load are Google, Youtube, Facebook, and Fark.  Seems to be working fine now though.
2013-03-30 10:38:14 AM
1 votes:
Do you have a cable box?


Hahahahaha no.
2013-03-30 09:51:13 AM
1 votes:
AAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHH COMCAST IS ISLAMIC

/lookit that Islamocrescent look at it look at it waaaaah
//slobber
 
Displayed 32 of 32 comments

This thread is archived, and closed to new comments.
