BarTender
3614 posts

Uber Geek
+1 received by user: 2539

ID Verified
Trusted
Lifetime subscriber

  #1656700 23-Oct-2016 20:20

MikeB4: The IOT devices at home are behind a modem and router do the work there and things should be good. The peas in the freezer and the coffee will be sweet.

 

And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.

 




cynnicallemon
370 posts

Ultimate Geek
+1 received by user: 85


  #1656716 23-Oct-2016 21:38

Fred99:

 

Rikkitic:

 

What happens if two toasters start playing tic-tac-toe and plunge the world into nuclear war?

 

 

Burned toast.

 

 

The NetBSD toaster is the only toaster I have ever wanted.

 

 


cynnicallemon
370 posts

Ultimate Geek
+1 received by user: 85


  #1656721 23-Oct-2016 21:47

joker97:

 

cynnicallemon:

 

Classic Red Dwarf.

 

On a darker note, that reminded me of a film from the early 70's called Dark Star. This excellent film should be a reminder that we control (or not control) our own destiny with regard to AI.

 

 

It seems like a paradox to be in control over A.I., if the A has an I then by definition it is in control of itself (and therefore you).

 

 

Why? Humans "gave birth" to it so, like any kid/teen, if we don't nurture it then we will end up with chaos. 

 

It's not the AI itself that I have the problem with so much, but what's behind those minds that create it.




cynnicallemon
370 posts

Ultimate Geek
+1 received by user: 85


  #1656722 23-Oct-2016 21:52

BarTender:

 

And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.

 

 

UPNP is normally the first thing to get disabled on any router when I configure it, along with SAMBA and other wonderful things that have no need to be on an internet facing device.

 

 


darylblake
1165 posts

Uber Geek
+1 received by user: 407

Trusted

  #1656723 23-Oct-2016 21:56

gzt: The internet of things is full of holes.

 

yeh absolutely. poorly written software on a lot of devices. update mechanisms are crap or non-existent and people are like well my device works i am not gonna bother updating it. if you have an IoT fridge on a 100mbit ufb connx you can contribute quite a bit to ddosing. 


cynnicallemon
370 posts

Ultimate Geek
+1 received by user: 85


  #1656729 23-Oct-2016 22:25

darylblake:

 

gzt: The internet of things is full of holes.

 

yeh absolutely. poorly written software on a lot of devices. update mechanisms are crap or non-existent and people are like well my device works i am not gonna bother updating it. if you have an IoT fridge on a 100mbit ufb connx you can contribute quite a bit to ddosing. 

 

 


PhantomNVD
2619 posts

Uber Geek
+1 received by user: 759
Inactive user


  #1656730 23-Oct-2016 22:31

http://waitbutwhy.com/2015/01/artificial-intelligence-revolution-2.html

An excellent discussion piece on why we should REALLY start thinking this through carefully!

 
 
 
 

BarTender
3614 posts

Uber Geek
+1 received by user: 2539

ID Verified
Trusted
Lifetime subscriber

  #1656776 24-Oct-2016 07:04

cynnicallemon:

BarTender:


And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.



UPNP is normally the first thing to get disabled on any router when I configure it, along with SAMBA and other wonderful things that have no need to be on an internet facing device.


 


You will be part of the 0.01% of the population that disables upnp.
As every IoT device depends on it. All gaming consoles need ports forwarded to game online. The vast majority of people are unable to reconfigure their own router hence why upnp was created.

Solve the upnp problem on ipv4 and don't say ipv6 since in that situation most devices are directly accessible as ipv6 removed the nat and firewall requirement.

Unsecured devices and upnp isn't going anywhere so this is the new world we live in.

cynnicallemon
370 posts

Ultimate Geek
+1 received by user: 85


  #1656791 24-Oct-2016 08:51

BarTender:
As every IoT device depends on it. All gaming consoles need ports forwarded to game online.

 

Stupidity like this is why we're seeing such an escalation in attacks of late. If this is the "new world we live in" then I will do my best not to subscribe to it.

 

Technology is going at a faster rate than the human mind can adapt to it, at least that's what I think, and something unforeseen will occur somewhere down the track.

 

The whole "smart device" concept is pointing at the human race and saying it's dumb and it's just wrong.

 

Actually, to think about it you might be dumb if you spend $1600 on a "smart" phone which explodes in your trouser pocket and roasts your gonads...


Fred99
13684 posts

Uber Geek
+1 received by user: 10018


  #1656804 24-Oct-2016 09:47

cynnicallemon:

 

 

 

Technology is going at a faster rate than the human mind can adapt to it, at least that's what I think, and something unforeseen will occur somewhere down the track.

 

 

 

 

I heard a comment from supposed experts the other day, projecting that over the coming decade or so, there will be 50 cyber-security job opportunities available for every qualified applicant.  That usually means that the pay is better than for jobs where there are 50 qualified applicants for every available job.  It may also mean that for every 50 people working in that role, 49 of them won't be adequately qualified.

 

I don't understand enough (or much at all really) about the subject, so just guessing, that as the source code for the malware which was used to compromise the IoT devices then launch the DDOS attack is freely available, then it could be re-written to locate the insecure devices, hack them, get them to broadcast their real IP and info about the device, then force ISPs to cut service to owners of the devices until they've secured them. ISPs wouldn't like it much - they'd need to be forced to act I expect, as customers with insecure devices will get very annoyed.

 

Get notice from ISP - please disconnect or secure your device "gizmobabycam" within 24 hours, or we'll disconnect your internet connection (or limit your upload bandwidth to 10kb/s until your devices are secure).

 

 


Dratsab
3951 posts

Uber Geek
+1 received by user: 1694

Trusted
Lifetime subscriber

  #1656821 24-Oct-2016 10:29

Every time I hear people linking toasters to "smart" or "AI" I think of these:

 

Image result for cylon "toaster"


Kyanar
4089 posts

Uber Geek
+1 received by user: 1683

ID Verified
Trusted

  #1656824 24-Oct-2016 10:36

Dratsab:

 

Every time I hear people linking toasters to "smart" or "AI" I think of these:

 

Image result for cylon "toaster"

 

 

No no, those are tea makers. Pure Ceylon Tea is great!


BarTender
3614 posts

Uber Geek
+1 received by user: 2539

ID Verified
Trusted
Lifetime subscriber

  #1656872 24-Oct-2016 11:35

Fred99: Get notice from ISP - please disconnect or secure your device "gizmobabycam" within 24 hours, or we'll disconnect your internet connection (or limit your upload bandwidth to 10kb/s until your devices are secure).

That will be a very expensive ordeal to deal with. As hand holding potentially tens of thousands of customers through that will be time consuming and thus expensive.
Aren't ISPs supposed to just be shifting bits? Since now you're talking about port scanning customers and removing or limiting service. That could be interpreted as a privacy breach.

richms
28343 posts

Uber Geek
+1 received by user: 9325

Trusted
Lifetime subscriber

  #1656875 24-Oct-2016 11:41

Devices behind a router that can't have incoming connections still connect out to their cloud service to receive commands. That is how they still work when they are not accessible.

 

I had a quick look at the trashy cheap cameras from the same company that made all the compromised NVRs that are in the news. They use a service called XMeye to be visible from outside.

 

The communication with that seems pretty basic. There was some cleartext stuff coming back from the cloud, and it seems that any user is able to try to authenticate with the camera via the cloud service just knowing the camera's sequential cloud ID.

 

You can untick the cloud tickbox in the settings, but they still want to communicate with xmeye. Who knows what someone who has either control over that can send back, or what they can send just by going via it as an unauthenticated user?

 

Firewall doesn't do crap when the devices are connecting out to get their own payloads etc.





Richard rich.ms

MikeB4
18464 posts

Uber Geek
+1 received by user: 12124

ID Verified
Trusted
Subscriber

  #1656936 24-Oct-2016 15:08

cynnicallemon:

 

 

 

The NetBSD toaster is the only toaster I have ever wanted.

 

 

 

 

 

 

Can one get fries with that?

