recentpopularlog in

security

« earlier   
q2vq2 • Ghostbin
"Dr Cyborkian a.k.a. janit0r, conditioner of 'terminally ill' devices":
<p>I am now here to warn you that what I've done was only a temporary band- aid and it's not going to be enough to save the Internet in the future.

The bad guys are getting more sophisticated, the number of potentially vulnerable devices keep increasing, and it's only a matter of time before a large scale Internet-disrupting event will occur. If you are willing to believe that I've disabled over 10 million vulnerable devices over the 13-month span of the project then it's not far-fetched to say that such a destructive event could've already happened in 2017.

YOU SHOULD WAKE UP TO THE FACT THAT THE INTERNET IS ONLY ONE OR TWO SERIOUS IOT EXPLOITS AWAY FROM BEING SEVERELY DISRUPTED. The damage of such an event is immeasurable given how digitally connected our societies have become, yet CERTs, ISPs and governments are not taking the gravity of the situation seriously enough.

ISPs keep deploying devices with exposed control ports and although these are trivially found using services like Shodan the national CERTs don't seem to care. A lot of countries don't even have CERTs. Many of the world's biggest ISPs do not have any actual security know-how in-house, and are instead relying on foreign vendors for help in case anything goes wrong. I've watched large ISPs withering for months under conditioning from my botnet without them being able to fully mitigate the vulnerabilities (good examples are BSNL, Telkom ZA, PLDT, from time to time PT Telkom, and pretty much most large ISPs south of the border).</p>


HE seems to be the author of "Brickerbot", an IoT-attacking malware strain which just seems to wreck them. If history is a guide, he's releasing the code for this (linked earlier in his post) because law enforcement is close enough that he's about to be caught, so he wants deniability - he uploads the code somewhere and then downloads it, and denies he wrote it. (Paras Jha, who recently pleaded guilty with others to writing the Mirai IoT bot, did the same.)
internet  security  hacking  iot 
17 hours ago by charlesarthur
Internet Chemotherapy - q2vq2 - Ghostbin
imagine what would've happened to the Internet in 2017 if I had been a blackhat dedicated to building a massive DDoS cannon for blackmailing the biggest providers and companies. I could've disrupted them all and caused extraordinary damage to the Internet in the process
security  internet 
17 hours ago by soft_mage
Creating a persistent ssh tunnel in Ubuntu |
Older script (upstart) to start and maintain an SSH tunnel on boot
vps  network  linux  ssh  security  web 
19 hours ago by BoxOfSnoo
Your smartphone’s next trick? Fighting cybercrime. - University at Buffalo
Clever: using imperfections in smartphone camera as ID, works since sensor is much smaller than regular DSLR.
hardware  security  paper 
20 hours ago by mechazoidal

Copy this bookmark:





to read