[Cryptography] Anyone else seeing an uptick in infected IoT devices? New botnet?
Ray Dillinger
bear at sonic.net
Wed Dec 7 22:44:52 EST 2016
On 12/07/2016 06:26 PM, Peter Gutmann wrote:
> Ugh, as soon as I saw the title of that first one I thought "TR-069", and
> sure enough:
>
> "incoming traffic destined for Port 7547 using communications protocols
> known as TR-069"
>
> If ever there was a protocol was designed to be insecure, it's that.
They talk about security and authentication, then go right into
how someone can use "shared secrets" ie, a default password, to
load new firmware on the device remotely.
~ ~
0 0
|
<_>
Yep, that's "calling all botnets" loud and clear.
Hooboy. We need to focus more on educating the public, don't we?
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161207/fd693150/attachment.sig>
More information about the cryptography
mailing list