[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration
On 30 October 2016 at 10:57, <tortalk@xxxxxxxx> wrote:
> Take a look what is happening these days, please. A toaster was hacked within one hour since connected to the internet:
>
> https://www.theatlantic.com/technology/archive/2016/10/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour/505571/
Not that IoT security isn't terrible right now (cos it is), but that
was a very artificial demo that a lot of people have gone a bit
hysterical about.
For starters, it wasn't a toaster at all; it was a VM, claiming to be
a toaster, pretending to leave SSH exposed. And somehow everyone was
astonished when an automated ssh scanner pinged it. If its banner
message had claimed to be the ISS instead of a toaster, maybe we'd
have seen news stories like "omg hackers pwned the space station in 40
minutes".
SSH scanning across the whole net is just the norm, and has been for
years. If anything, the surprising part is that it took 40 minutes for
something to stumble across it - it was hosted in a well-known IP
range (AWS) after all. Anyone putting up a box exposing root logins
through SSH is kinda asking for what comes next. That article really
felt like fear-mongering, I must be honest.
-J
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk