Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
BarTender
3419 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1656700 23-Oct-2016 20:20
Send private message

MikeB4: The IOT devices at home are behind a modem and router do the work there and things should be good. The peas in the freezer and the coffee will be sweet.

 

And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.

 





and


Affiliate link
 
 
 

Affiliate link: Life360 protects each family member with advanced driving, digital, and location safety features. Choose the plan that fits your family’s size and life stage.
cynnicallemon
370 posts

Ultimate Geek


  #1656716 23-Oct-2016 21:38
Send private message

Fred99:

 

Rikkitic:

 

What happens if two toasters start playing tic-tac-toe and plunge the world into nuclear war?

 

 

Burned toast.

 

 

The NetBSD toaster is the only toaster I have ever wanted,

 

 


cynnicallemon
370 posts

Ultimate Geek


  #1656721 23-Oct-2016 21:47
Send private message

joker97:

 

cynnicallemon:

 

Classic Red Dwarf.

 

On a darker note, that reminded me of a film from the early 70's called Dark Star. This excellent film should be a reminder that we control (or not control) our own destiny in regards of AI.

 

 

It seems like a paradox to be in control over A.I., if the A has an I then by definition it is in control of itself (and therefore you).

 

 

Why? Humans "gave birth" to it so, like any kid/teen, if we don't nuture it then we will end up with chaos. 

 

It's not the AI itself that I have the problem with so much but, whats behind those minds that create it.




cynnicallemon
370 posts

Ultimate Geek


  #1656722 23-Oct-2016 21:52
Send private message

BarTender:

 

And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.

 

 

UPNP is normally the first thing to get disabled on any router when I configure it, along with SAMBA and other wonderful things that have no need to be on an internet facing device.

 

 


darylblake
1103 posts

Uber Geek

Trusted

  #1656723 23-Oct-2016 21:56
Send private message

gzt: The internet of things is full of holes.

 

yeh absolutely. poorly written software on a lot of devices. update mechanisims are crap or non existant and people are like well my device works i am not gonna bother updating it. if you have a IoT fridge on a 100mbit ufb connx you can contribute quite a bit to ddosing. 


cynnicallemon
370 posts

Ultimate Geek


  #1656729 23-Oct-2016 22:25
Send private message

darylblake:

 

gzt: The internet of things is full of holes.

 

yeh absolutely. poorly written software on a lot of devices. update mechanisims are crap or non existant and people are like well my device works i am not gonna bother updating it. if you have a IoT fridge on a 100mbit ufb connx you can contribute quite a bit to ddosing. 

 

 


PhantomNVD
2619 posts

Uber Geek
Inactive user


  #1656730 23-Oct-2016 22:31
Send private message

http://waitbutwhy.com/2015/01/artificial-intelligence-revolution-2.html

An excellent discussion piece on why we should REALLY start thinking this through carefully!



BarTender
3419 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1656776 24-Oct-2016 07:04
Send private message

cynnicallemon:

BarTender:


And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.



UPNP is normally the first thing to get disabled on any router when I configure it, along with SAMBA and other wonderful things that have no need to be on an internet facing device.


 


You will be part of the 0.01% of the population that disables upnp.
As every IoT device depends on it. All gaming consoles need ports forwarded to game online. The vast majority of people are unable to reconfigure their own router hence why upnp was created.

Solve the upnp problem on ipv4 and don't say ipv6 since in that situation most devices are directly accessible as ipv6 removed the nat and firewall requirement.

Unsecured devices and upnp isn't going anywhere so this is the new world we live in.




and


cynnicallemon
370 posts

Ultimate Geek


  #1656791 24-Oct-2016 08:51
Send private message

BarTender:
As every IoT device depends on it. All gaming consoles need ports forwarded to game online.

 

Stupidity like this is why we're seeing such an escalation in attacks of late. If this is the "new world we live in" then I will do my best not to subscribe to it.

 

Technology is going at a faster rate than the human mind can adapt to it, at least that's what I think, and something unforeseen will occur somewhere down the track.

 

The whole "smart device" concept is pointing at the human race and saying it's dumb and it's just wrong.

 

Actually, to think about it you might be dumb if you spend $1600 on a "smart" phone which explodes in your trouser pocket and roasts your gonads...


Fred99
13684 posts

Uber Geek


  #1656804 24-Oct-2016 09:47
Send private message

cynnicallemon:

 

 

 

Technology is going at a faster rate than the human mind can adapt to it, at least that's what I think, and something unforeseen will occur somewhere down the track.

 

 

 

 

I heard a comment from supposed experts the other day, projecting that over the coming decade or so, there will be 50 cyber-security job opportunities available for every qualified applicant.  That usually means that the pay is better than for jobs where there are 50 qualified applicants for every available job.  It may also mean that for every 50 people working in that role, 49 of them won't be adequately qualified.

 

I don't understand enough (or much at all really) about the subject, so just guessing, that as the source code for the malware which was used to compromise the IoT devices then launch the DDOS attack is freely available, then it could be re-written to locate the insecure devices, hack them, get them to broadcast their real IP and info about the device, then force ISPs to cut service to owners of the devices until they've secured them. ISPs wouldn't like it much - they'd need to be forced to act I expect, as customers with insecure devices will get very annoyed.

 

Get notice from ISP - please disconnect or secure your device "gizmobabycam" within 24 hours, or we'll disconnect your internet connection (or limit your upload bandwidth to 10kb/s until your devices are secure).

 

 


Dratsab
3810 posts

Uber Geek

Trusted
Lifetime subscriber

  #1656821 24-Oct-2016 10:29
Send private message

Every time I hear people linking toasters to "smart" or "AI" I think of these:

 

Image result for cylon "toaster"


Kyanar
3458 posts

Uber Geek

Trusted
Subscriber

  #1656824 24-Oct-2016 10:36
Send private message

Dratsab:

 

Every time I hear people linking toasters to "smart" or "AI" I think of these:

 

Image result for cylon "toaster"

 

 

No no, those are tea makers. Pure Ceylon Tea is great!


BarTender
3419 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1656872 24-Oct-2016 11:35
Send private message

Fred99: Get notice from ISP - please disconnect or secure your device "gizmobabycam" within 24 hours, or we'll disconnect your internet connection (or limit your upload bandwidth to 10kb/s until your devices are secure).

That will be a very expensive ordeal to deal with. As hand holding potentially tens of thousands of customers can through that will be time consuming and thus expensive.
Aren't ISPs supposed to just be shifting bits. Since now you're talking about port scanning customers and removing or limiting service. That could be interpreted as a privacy breach.




and


richms
25279 posts

Uber Geek

Trusted
Subscriber

  #1656875 24-Oct-2016 11:41
Send private message

Devices behind a router that cant have incoming connections still connect out to their cloud service to recieve commands. That is how they still work when they are not accessable.

 

I had a quick look at the trashy cheap cameras from the same company that made all the compromised NVR's that are in the news. They use a service called XMeye to be visiable from outside.

 

The communication with that seems pretty basic. There was some cleartext stuff coming back from the cloud, and it seems that any user is able to try to authenticate with the camera via the cloud service just knowing the cameras sequential cloud ID.

 

You can untick the cloud tickbox in the settings, but they still want to communicate with xmeye. Who knows what someone who has either control over that can send back, or what they can send just by going via it as an unauthenticated user?

 

Firewall doesnt do crap when the devices are connecting out to get their own payloads etc.





Richard rich.ms

MikeB4
17152 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #1656936 24-Oct-2016 15:08
Send private message

cynnicallemon:

 

 

 

The NetBSD toaster is the only toaster I have ever wanted,

 

 

 

 

 

 

Can one get fries with that?


1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Samsung Introducing Galaxy Z Flip4 and Galaxy Z Fold4
Posted 11-Aug-2022 01:00


Samsung Unveils Health Innovations with Galaxy Watch5 and Galaxy Watch5 Pro
Posted 11-Aug-2022 01:00


Google Bringing First Cloud Region to Aotearoa New Zealand
Posted 10-Aug-2022 08:51


ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28


GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41


Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48


NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06


New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14


Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10


Nanogirl Labs Launches Creator Project
Posted 28-Jul-2022 17:05









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







Backblaze unlimited backup