Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
2486 posts

Uber Geek
+1 received by user: 897

Trusted
Lifetime subscriber

  Reply # 1656700 23-Oct-2016 20:20
Send private message

MikeB4: The IOT devices at home are behind a modem and router do the work there and things should be good. The peas in the freezer and the coffee will be sweet.

 

And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.

 






370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1656716 23-Oct-2016 21:38
One person supports this post
Send private message

Fred99:

 

Rikkitic:

 

What happens if two toasters start playing tic-tac-toe and plunge the world into nuclear war?

 

 

Burned toast.

 

 

The NetBSD toaster is the only toaster I have ever wanted,

 

 


 
 
 
 


370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1656721 23-Oct-2016 21:47
Send private message

joker97:

 

cynnicallemon:

 

Classic Red Dwarf.

 

On a darker note, that reminded me of a film from the early 70's called Dark Star. This excellent film should be a reminder that we control (or not control) our own destiny in regards of AI.

 

 

It seems like a paradox to be in control over A.I., if the A has an I then by definition it is in control of itself (and therefore you).

 

 

Why? Humans "gave birth" to it so, like any kid/teen, if we don't nuture it then we will end up with chaos. 

 

It's not the AI itself that I have the problem with so much but, whats behind those minds that create it.


370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1656722 23-Oct-2016 21:52
Send private message

BarTender:

 

And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.

 

 

UPNP is normally the first thing to get disabled on any router when I configure it, along with SAMBA and other wonderful things that have no need to be on an internet facing device.

 

 


922 posts

Ultimate Geek
+1 received by user: 285

Trusted

  Reply # 1656723 23-Oct-2016 21:56
Send private message

gzt: The internet of things is full of holes.

 

yeh absolutely. poorly written software on a lot of devices. update mechanisims are crap or non existant and people are like well my device works i am not gonna bother updating it. if you have a IoT fridge on a 100mbit ufb connx you can contribute quite a bit to ddosing. 






370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1656729 23-Oct-2016 22:25
Send private message

darylblake:

 

gzt: The internet of things is full of holes.

 

yeh absolutely. poorly written software on a lot of devices. update mechanisims are crap or non existant and people are like well my device works i am not gonna bother updating it. if you have a IoT fridge on a 100mbit ufb connx you can contribute quite a bit to ddosing. 

 

 


2490 posts

Uber Geek
+1 received by user: 684


  Reply # 1656730 23-Oct-2016 22:31
Send private message

http://waitbutwhy.com/2015/01/artificial-intelligence-revolution-2.html

An excellent discussion piece on why we should REALLY start thinking this through carefully!

2486 posts

Uber Geek
+1 received by user: 897

Trusted
Lifetime subscriber

  Reply # 1656776 24-Oct-2016 07:04
Send private message

cynnicallemon:

BarTender:


And the said IoF (Internet of Fail) device talking to your local router using upnp to open a port to the internet. Then services like shodan or other botnets scanning the interwebs and then using the open ports as an attack vector for the DDoS.



UPNP is normally the first thing to get disabled on any router when I configure it, along with SAMBA and other wonderful things that have no need to be on an internet facing device.


 


You will be part of the 0.01% of the population that disables upnp.
As every IoT device depends on it. All gaming consoles need ports forwarded to game online. The vast majority of people are unable to reconfigure their own router hence why upnp was created.

Solve the upnp problem on ipv4 and don't say ipv6 since in that situation most devices are directly accessible as ipv6 removed the nat and firewall requirement.

Unsecured devices and upnp isn't going anywhere so this is the new world we live in.





370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1656791 24-Oct-2016 08:51
Send private message

BarTender:
As every IoT device depends on it. All gaming consoles need ports forwarded to game online.

 

Stupidity like this is why we're seeing such an escalation in attacks of late. If this is the "new world we live in" then I will do my best not to subscribe to it.

 

Technology is going at a faster rate than the human mind can adapt to it, at least that's what I think, and something unforeseen will occur somewhere down the track.

 

The whole "smart device" concept is pointing at the human race and saying it's dumb and it's just wrong.

 

Actually, to think about it you might be dumb if you spend $1600 on a "smart" phone which explodes in your trouser pocket and roasts your gonads...


7601 posts

Uber Geek
+1 received by user: 4021


  Reply # 1656804 24-Oct-2016 09:47
Send private message

cynnicallemon:

 

 

 

Technology is going at a faster rate than the human mind can adapt to it, at least that's what I think, and something unforeseen will occur somewhere down the track.

 

 

 

 

I heard a comment from supposed experts the other day, projecting that over the coming decade or so, there will be 50 cyber-security job opportunities available for every qualified applicant.  That usually means that the pay is better than for jobs where there are 50 qualified applicants for every available job.  It may also mean that for every 50 people working in that role, 49 of them won't be adequately qualified.

 

I don't understand enough (or much at all really) about the subject, so just guessing, that as the source code for the malware which was used to compromise the IoT devices then launch the DDOS attack is freely available, then it could be re-written to locate the insecure devices, hack them, get them to broadcast their real IP and info about the device, then force ISPs to cut service to owners of the devices until they've secured them. ISPs wouldn't like it much - they'd need to be forced to act I expect, as customers with insecure devices will get very annoyed.

 

Get notice from ISP - please disconnect or secure your device "gizmobabycam" within 24 hours, or we'll disconnect your internet connection (or limit your upload bandwidth to 10kb/s until your devices are secure).

 

 


3154 posts

Uber Geek
+1 received by user: 965

Trusted
Lifetime subscriber

  Reply # 1656821 24-Oct-2016 10:29
Send private message

Every time I hear people linking toasters to "smart" or "AI" I think of these:

 

Image result for cylon "toaster"


3044 posts

Uber Geek
+1 received by user: 467

Trusted
Subscriber

  Reply # 1656824 24-Oct-2016 10:36
Send private message

Dratsab:

 

Every time I hear people linking toasters to "smart" or "AI" I think of these:

 

Image result for cylon "toaster"

 

 

No no, those are tea makers. Pure Ceylon Tea is great!


2486 posts

Uber Geek
+1 received by user: 897

Trusted
Lifetime subscriber

  Reply # 1656872 24-Oct-2016 11:35
Send private message

Fred99: Get notice from ISP - please disconnect or secure your device "gizmobabycam" within 24 hours, or we'll disconnect your internet connection (or limit your upload bandwidth to 10kb/s until your devices are secure).

That will be a very expensive ordeal to deal with. As hand holding potentially tens of thousands of customers can through that will be time consuming and thus expensive.
Aren't ISPs supposed to just be shifting bits. Since now you're talking about port scanning customers and removing or limiting service. That could be interpreted as a privacy breach.





21632 posts

Uber Geek
+1 received by user: 4441

Trusted
Subscriber

  Reply # 1656875 24-Oct-2016 11:41
Send private message

Devices behind a router that cant have incoming connections still connect out to their cloud service to recieve commands. That is how they still work when they are not accessable.

 

I had a quick look at the trashy cheap cameras from the same company that made all the compromised NVR's that are in the news. They use a service called XMeye to be visiable from outside.

 

The communication with that seems pretty basic. There was some cleartext stuff coming back from the cloud, and it seems that any user is able to try to authenticate with the camera via the cloud service just knowing the cameras sequential cloud ID.

 

You can untick the cloud tickbox in the settings, but they still want to communicate with xmeye. Who knows what someone who has either control over that can send back, or what they can send just by going via it as an unauthenticated user?

 

Firewall doesnt do crap when the devices are connecting out to get their own payloads etc.





Richard rich.ms

13612 posts

Uber Geek
+1 received by user: 6372

Trusted
Subscriber

  Reply # 1656936 24-Oct-2016 15:08
Send private message

cynnicallemon:

 

 

 

The NetBSD toaster is the only toaster I have ever wanted,

 

 

 

 

 

 

Can one get fries with that?





Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

 Mac user, Windows curser, Chrome OS desired.

 

The great divide is the lies from both sides.

 

 


1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.