nanog mailing list archives
Re: Cisco Update
From: Jeroen van Aart <jeroen () mompl net>
Date: Wed, 11 Jul 2012 13:04:37 -0700
Joe Greco wrote:
No, really, how bad an idea can it be to have a central database anda system that's allowed to remotely log in, configure, and update thousands of Internet-connected CPE? I mean, talk about making anattractive target.
No argument against the lack of wisdom regarding this cisco thing, but...As a botnet operator in the business of making money (and thus relying on the availability of your botnets) why go through the bother of compromising such system and creating a botnet (which will be rather quickly fixed once the breach is noticed) when you can do it easily enough sending out a simple email with the proper binary code attached, relying on the PEBKAC paradigm. ;-)
This method has been proven to be very effective, considering many 100s of millions of zombie computers exist.
Greetings, Jeroen -- Earthquake Magnitude: 4.6 Date: Wednesday, July 11, 2012 10:54:36 UTC Location: near the east coast of Honshu, Japan Latitude: 35.9986; Longitude: 140.9388 Depth: 27.40 km
Current thread:
- Re: Cisco Update, (continued)
- Re: Cisco Update Jeff Johnstone (Jul 05)
- Re: Cisco Update Ray Soucy (Jul 05)
- Re: Cisco Update Andriy Bilous (Jul 05)
- RE: Cisco Update Keith Medcalf (Jul 05)
- RE: Cisco Update Keith Medcalf (Jul 05)
- Re: Cisco Update Joe Greco (Jul 05)
- Re: Cisco Update Jeff Johnstone (Jul 05)
- Re: Cisco Update Jimmy Hess (Jul 05)
- Re: Cisco Update Randy Bush (Jul 05)
- Re: Cisco Update Joe Greco (Jul 07)
- Re: Cisco Update Jeroen van Aart (Jul 11)
- Re: Cisco Update Tyler Haske (Jul 11)
- Re: Cisco Update goemon (Jul 06)
- Re: Cisco Update Hank Nussbacher (Jul 06)