[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)
Rod Veith
rod at rb.net.au
Fri May 31 11:29:56 EST 2013
To me, the critical phrase is "under active exploitation". How is that
decided, and by whom?
Rod
-----Original Message-----
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Joseph Goldman
Sent: Friday, 31 May 2013 10:20 AM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Analysis of the Carna Botnet (Internet Census 2012)
On the tail of this discussion, it seems members of the Google team are
advocating a particular stance on this issue:
https://threatpost.com/google-advocates-7-day-deadline-to-publicize-critical-vulnerabilities/
On 29/05/13 17:14, Tim March wrote:
>
> On 29/05/13 4:31 PM, Joseph Goldman wrote:
> >> I wouldn't say they were 'advocating' the technique, merely pointing
> >> out it is the lesser of two evils. I'd much rather go through the
> >> hassle of reconfiguring users' routers than dealing with the fallout
> >> of customer financial details being leaked from my system.
>>
>
> The least of all evils is that the carriers block ingress TCP:22/23
> unless otherwise specified while they work with the user base to clean
> things up. Internode do something along these lines whereby by default a
> bunch of known-bad ports are blocked and users can unblock them via a
> web UI where required.
>
> I'm certainly not ADVOCATING malicious action... other than to say
> that, as we've discussed, it would be p!ss easy to execute en masse
> and that eventually someone will. What remains to be seen is how much
> work the carriers are willing to put in to fixing the issue before
> that happens.
>
> Exploiting a couple of thousand routers and dropping the user
> credentials would take about 5 minutes to automate and a couple of
> hours to run. I'm sure there's some CYBER JOURNOS at CYBER FAIRFAX
> that would run that CYBER HACKING CYBER STORY.... CYBER!
>
> >> I would prefer more that someone call me and say 'Hey, I found this on
> >> your network, you should fix it', but where's the lulz in that?
>>
>
> A colleague just dropped this post on "You need to fix" vs "LULZ!"
> that talks about his decision making process...
>
> http://www.troyhunt.com/2013/05/the-responsibility-of-public-disclosure.html
>
> Regards,
> Tim "CYBER" March
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
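The carrier-side control Tim March describes above (ingress TCP 22/23 dropped by default, with customers able to unblock specific ports through a web UI) sketched as an added example. This is not code from the thread, from Internode or from any carrier; the default-blocked port list, the documentation-range customer prefixes, the upstream interface name and the nftables table name are all assumptions made for illustration. The decision function and the rendered ruleset express the same policy, so one can be checked against the other.

```python
"""Default-deny of known-bad inbound TCP ports with per-customer opt-out.

Added example, not code from the AusNOG thread or any carrier. Port list,
interface name, table name and customer prefixes are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network, IPv4Network, IPv6Network

# Assumption: inbound TCP ports the carrier blocks toward customers by default.
# 22/23 are the ports discussed in the thread; the rest are illustrative.
DEFAULT_BLOCKED_TCP = frozenset({22, 23, 445, 3389})

# Assumption: name of the internet-facing interface on the carrier's edge box.
UPSTREAM_IFACE = "uplink0"


@dataclass
class Customer:
    """One customer assignment plus the ports that customer has chosen to unblock."""
    prefix: IPv4Network | IPv6Network
    unblocked_tcp: set[int] = field(default_factory=set)


def find_customer(customers: list[Customer], dst_ip: str) -> Customer | None:
    """Return the customer whose prefix contains dst_ip, or None if unassigned."""
    addr = ip_address(dst_ip)
    for cust in customers:
        if addr in cust.prefix:  # False across address families, so v4/v6 never mix
            return cust
    return None


def ingress_allowed(customers: list[Customer], dst_ip: str, dst_port: int,
                    proto: str = "tcp") -> bool:
    """Decide whether an inbound packet from the internet toward a customer passes.

    Only TCP ports in DEFAULT_BLOCKED_TCP are subject to the block; anything
    else is untouched. A blocked port passes only if the owning customer has
    explicitly unblocked it. Addresses not assigned to any customer keep the
    default block, matching the catch-all drop in the rendered ruleset.
    """
    if proto != "tcp" or dst_port not in DEFAULT_BLOCKED_TCP:
        return True
    cust = find_customer(customers, dst_ip)
    if cust is None:
        return False
    return dst_port in cust.unblocked_tcp


def render_nftables(customers: list[Customer]) -> str:
    """Render the same policy as an nftables forward-chain ruleset.

    Per-customer exemptions are emitted before the catch-all drop, so the
    first matching rule wins in exactly the way ingress_allowed() decides.
    """
    lines = [
        "table inet carrier_ingress {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
    ]
    for cust in sorted(customers, key=lambda c: (c.prefix.version, str(c.prefix))):
        ports = sorted(cust.unblocked_tcp & DEFAULT_BLOCKED_TCP)
        if not ports:
            continue  # nothing exempted: the default drop below applies
        family = "ip6" if cust.prefix.version == 6 else "ip"
        port_list = ", ".join(str(p) for p in ports)
        lines.append(
            f'    iifname "{UPSTREAM_IFACE}" {family} daddr {cust.prefix} '
            f"tcp dport {{ {port_list} }} accept"
        )
    blocked = ", ".join(str(p) for p in sorted(DEFAULT_BLOCKED_TCP))
    lines.append(f'    iifname "{UPSTREAM_IFACE}" tcp dport {{ {blocked} }} drop')
    lines += ["  }", "}"]
    return "\n".join(lines)


# Constructed sample customer table using documentation address ranges.
SAMPLE_CUSTOMERS = [
    Customer(ip_network("203.0.113.0/29"), unblocked_tcp={22}),   # opted SSH back in
    Customer(ip_network("203.0.113.8/29")),                       # default block only
    Customer(ip_network("2001:db8:1::/48"), unblocked_tcp={23}),  # opted telnet back in
]

if __name__ == "__main__":
    print(render_nftables(SAMPLE_CUSTOMERS))
```

The point of keeping a decision function beside the generated ruleset is that the self-service unblock path can be tested without touching the edge: a customer's change is applied to the table, `ingress_allowed()` is checked for the ports they care about, and only then is the regenerated ruleset pushed. Note that the drop is scoped to the upstream interface so customer-to-customer and outbound traffic are unaffected, and that an address not in the customer table stays blocked rather than falling through.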