With existing tech? No.
-
this not feasible? https://twitter.com/munin/status/789702893385285632 …
-
For the current botnet? Yeah. Once someone competent does this, nope - they can fix the vulnerability they exploited.
-
oh no
-
in the 'good' old days, an attacker would fix the hole they came in with, generally; and keep the machine to themselves
-
in this case there's no local storage and no patch, the device gets found and implanted, goes away w/ power
-
That's how it currently works, but there's no technical reason why it can't be made persistent
-
so. um. it is, kind of. randomly probe IP addresses. hit things with the default password. change the password.
-
basically: do what Mirai is doing, except in reverse. this isn't even unprecedented. http://www.ibtimes.co.uk/linux-wifatch-routers-hacked-by-white-hat-virus-that-makes-them-more-secure-against-malware-1522214 …
-
if you've authenticated in, you can do anything an authenticated user can do. this isn't a 0day, it's default pwords.
-
I mean, technically if you can compromise it you can patch it…
-
Many devices not designed to be updated. Other options are liability, or baseline security testing required for FCC market approval.
-
FCC approval being required for electronics sold in the US, so it is an existing gateway that could be expanded? Who else has the remit?
-
@csoghoian as a fallback for companies that go belly up, let's give all governments the crypto keys to everything.
-
the Wyndham ruling is a start
-
it might not even be desirable. something like a regular recall process for dangerous products could work, CPSC style
-
force is a weird word, usually can only do it by levying fines and those don't usually keep up. case by case = a lot of cases:(
-
maybe technically possible but in many cases there's no manufacturer to get the fix from. And we have no code.