Re: [tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration



On 30 October 2016 at 10:57,  <tortalk@xxxxxxxx> wrote:

> Take a look at what is happening these days, please. A toaster was hacked within one hour of being connected to the internet:
>
> https://www.theatlantic.com/technology/archive/2016/10/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour/505571/

Not that IoT security isn't terrible right now (cos it is), but that
was a very artificial demo that a lot of people have gone a bit
hysterical about.

For starters, it wasn't a toaster at all; it was a VM, claiming to be
a toaster, pretending to leave SSH exposed. And somehow everyone was
astonished when an automated ssh scanner pinged it. If its banner
message had claimed to be the ISS instead of a toaster, maybe we'd
have seen news stories like "omg hackers pwned the space station in 40
minutes".

SSH scanning across the whole net is just the norm, and has been for
years. If anything, the surprising part is that it took 40 minutes for
something to stumble across it - it was hosted in a well-known IP
range (AWS) after all. Anyone putting up a box exposing root logins
through SSH is kinda asking for what comes next. That article really
felt like fear-mongering, I must be honest.

-J
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk