That's why I never use the Internet. I don't believe in it. Fucking commies coming for our machines.
That's why I never use the Internet. I don't believe in it. Fucking commies coming for our machines.
It sure messed with part of my job today. But a big part of my job lately is fucking around on Twitter.
I haven't looked into this very extensively, but I expect it is not really correct to say that all these sites were down due to the ddos attack. The beauty of attacking dyn is that it effectively makes the related sites unavailable because their addresses can't be resolved. If you had a valid ip address for any one of those sites, I expect you could reach it... But any functionality within a given site that required its own name resolution could have still been affected.
The IoT is a disaster waiting to happen. Very little thought goes into the network security features for refrigerators, garage door openers, run trackers, or other bullshit "smart" devices, as people figure there's not much data on those devices that would be worth stealing. But any device with a network card is a weapon in the wrong hands... You don't need a single device to generate a ton of traffic when you control a bot network that has 10,000,000 infected machines.
And don't even get me started on PLCs...
but it's so convenient!
Watching people speculate on the who and why is kinda funny.
Here is a conspiracy theory for you.
Most Electronics have open access to the internet that the end users has no idea exists.
Corporate entities have done this by design so they can quietly gather information about people, so they can sell them shit. -(Or sell the data to others)
Governments decided to exploit these same back doors to data for security (Collect information on everyone) for some future purpose. -(The Chicken or the Egg) Who's program was it?
As the number of devices capable of gathering data (Spying on you) has proliferated In your home in your car in your phone. More and more companies, Government and even Local ?Law-enforcement agencies have been accessing and using this data in increasingly intrusive ways.
These attacks might be a demonstration of just how widespread and vulnerable IOT is.
The Government and Corporate entities do not want to secure or block the privacy invasion. (They deployed it)!
The only way to effect change is to hit corporate America in the Wallet.
They only group with the power to effect change in the security of electronics (Restore Privacy) is Wall Street.
I would say a group who cares about privacy is behind these attacks.
The Target of the Attacks is the NSA and every group in-between that likes to collect peoples /data, conversations and Video without consent.
By using the everyday devices people buy and install in there homes, cars and carry around everywhere they go.
to attack Electronic profit centers.
They will force the powers that be to Secure said devices.
Tin Foil hat stuff Right?
So watch and see, when the next attack comes from phones and devices that use the Cell Phone networks and takes it down, of forces a large provider to cut its internet access to block an attack. -- then you will know.
Amazing what pops into my head @ 2AM sober.
Found This
https://www.rt.com/usa/363714-ddos-dns-attacks-hackers/
Last edited by MTT; 10-22-2016 at 04:51 AM.
Own your fail. ~Jer~
world war nerd
it will piss off the military nuts if the world ends in a power down followed by chaos and starvation instead of a rocket's red glare.
![]()
Attack Of The Smart TV's!!
![]()
Own your fail. ~Jer~
The only way to stop this is for people to change the default passwords on their items....
Never assume a conspiracy when incompetence explains it.
I can't say I've had any outages, but due to recent weather occurrences, or I guess stuff like this, some of my clients will not be able to reach a certain website all of a sudden. Always the one the client needs to run the fucking business too. Bike shop down the street can't hit the dealer website for a major bicycle company. Weirdly, I could still at my house, and we're talking literally a 3 short blocks.
Most recently was a doctor's clinic getting ready to open and they couldn't reach one of their web apps. Looks like they might have been based in the NW. I'm sure for the price they charge for a license, they could just move it all to Amazon Web Services or otherwise find some other data centers to keep that shit redundant.
It seems like, instead of being redundant, the system is a curious patchwork more like our power grid.
I hope this isn't a new trend. Not sure what someone gains by shutting down DNS. Seems kinda like shitting wear you eat. Assholes.
Amazing that this is now coming from toasters and fridges and shit. I know they've found ways to hack cars, so good luck everyone!
Distance from the site or distance from you which could reach sites means nothing in outages like happened yesterday. Amazon AWS was also affected from reports I saw and I had some reports of a web site I use daily (which is one of 2 that I know use AWS hosting or servers) not being available to others.
If it only was DNS issues, then as mentioned by stfu the sites should have and could be reached by IP address if not the name. Level3 which is a major player in business class internet and high end data links had quite a bit of red on their maps yesterday. Switching DNS servers to Google, OpenDNS, or a different ISP would also be a temporary fix if it was only DNS related. I think the full story of why some sites were hard down and some could reach sites others could not is still yet to be discovered. DDoS attack and a few other issues all came together yesterday to cause the outages.
http://downdetector.com/status/level3/map
It's unfortunate, but it's not stupid. You'd be astonished to see the list of devices that contain hard coded admin passwords, like nearly every "next gen" firewall that receives definition updates from the manufacturer for services like web/email filtering and atp/ips. Juniper networks had a hard coded password cracked not too long ago. I'm fairly certain that Sophos, Palo Alto, Fortinet, Barracuda, and many many others do the same. There are a variety of methods an update service can use to authenticate to all their client devices in the wild, but they all amount to the same thing.
It's basically impossible to have BMS without plugging in. I build hospitals for a living and the IoT is pretty scary. The hospital plant manager wants to check the status of the chiller from his iPhone, the generator manufacturer wants to be able to diagnose remotely without sending a tech, etc... But it is a matter of time before someone shuts down a hospital. Literally everything except for the fire alarm is running on the network.
On the converse side, I built a Navy hospital. The DOD is smart enough to not want anything on the Internet. All the equipment manufacturers had to go back to their old playbook, like running controls on 24v.
Best Skier on the Mountain
Self-Certified
1992 - 2012
Squaw Valley, USA
How hard is it to give the customer admin capability or at least a second key so that a human has to push a button when it's time to let the device chat with the manufacturer? I see what stfu is saying about everything amounting to a hard coded admin password if the manufacturer has to be able to contact every device in the wild. But unless those devices are being sold to Iran etc. I think the real issue is the assumption that the manufacturer must be able to do so without consent or knowledge of the user. It's either the problem or the solution. If manufacturers are keeping that right and de facto leasing their devices to customers, they ought to be responsible for how their devices are used, including by predictable hacks.
Electronic medical records are a marvelous thing--I would hate to have to practice medicine without one--and outages are surprisingly rare, especially considering my hospital was the test site for the EMR for northern california kaiser. But, you don't ever want to be a patient in hospital when the EMR goes down. All of a sudden nobody knows a fucking thing about you or your case, and I mean nothin.
Some years ago I rode a chair with a guy that was trying to get the industry to issue cards to people which (he said) stored your medical records on the card and were only accessible with your password. Showed me one that looked just like a chipped CC. Great idea if convenience ever stops trumping security. That's really what we're waiting for; hopefully before we learn some really hard lesson.
Every data center I have worked in has BMS system without any internet. If anything it dedicated dark fiber and even then rarely. I also work for a company that builds and operates it's own data centers. None of our BMS sees public internet. I don't know about hospitals maybe that's different. All our updates are done the old fashioned way. Direct connection to the controller or over the specific network the device lives on sans internet. It can be a pain, but imho a must.
Bookmarks