[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

Rod Veith rod at rb.net.au
Fri May 31 11:29:56 EST 2013


To me, the critical phrase is "under active exploitation". How is that
decided, and by whom?

Rod



-----Original Message-----
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Joseph Goldman
Sent: Friday, 31 May 2013 10:20 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

On the tail of this discussion, it seems members of the Google team are
advocating a particular stance on this issue:

https://threatpost.com/google-advocates-7-day-deadline-to-publicize-critical-vulnerabilities/

On 29/05/13 17:14, Tim March wrote:
>
> On 29/05/13 4:31 PM, Joseph Goldman wrote:
>> I wouldn't say they were 'advocating' the technique, merely pointing 
>> out it is the lesser of 2 evils. I'd much rather go through the 
>> hassle of reconfiguring users routers than dealing with the fallout 
>> of customer financial details being leaked from my system.
>>
>
> The least of all evils is that the carriers block ingress TCP:22/23 
> unless otherwise specified while they work with the user base to clean 
> things up. Internode do something along these lines where by default a 
> bunch of known-bad ports are blocked and users can unblock them via 
> web UI where required.
>
> I'm certainly not ADVOCATING malicious action... other than to say 
> that, as we've discussed, it would be p!ss easy to execute en masse 
> and that eventually someone will. What remains to be seen is how much 
> work the carriers are willing to put in to fixing the issue before 
> that happens.
>
> Exploiting a couple of thousand routers and dropping the user 
> credentials would take about 5 minutes to automate and a couple of 
> hours to run. I'm sure there's some CYBER JOURNOS at CYBER FAIRFAX 
> that would run that CYBER HACKING CYBER STORY.... CYBER!
>
>> I would prefer more someone call me and say 'Hey, i found this on 
>> your network, you should fix', but where's the lulz in that?
>>
>
> A colleague just dropped this post on "You need to fix" vs "LULZ!" 
> that talks about his decision making process...
>
> http://www.troyhunt.com/2013/05/the-responsibility-of-public-disclosure.html
>
>
>
>
> Regards,
> Tim "CYBER" March
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
