--
John Larkin Highland Technology, Inc
jlarkin at highlandtechnology dot com
Precision electronic instrumentation Picosecond-resolution Digital Delay and Pulse generators Custom laser drivers and controllers Photonics and fiberoptic TTL data links VME thermocouple, LVDT, synchro acquisition and simulation
Hmmm. All of the ones I've setup have been on 192.168.x.x, and most of those aren't even on subnets that connect to the wider internet. Usually something wants NMEA 0183 wrapped in UDP or it only speaks NMEA over UDP and I need to get it as serial.
Oh well, sorry Civilization! My bad. :-O
So a computer security firm has managed to plant a story in "The Register", and you are not sophisticated enough to recognise it as spam.
You should restrain you passion for recycling bottom-feeding journalism. It makes you look gullible.
-- Bill Sloman, Sydney
and you are not sophisticated enough to recognise it as spam.
makes you look gullible.
You read it!
Jamie
and you are not sophisticated enough to recognise it as spam.
makes you look gullible.
We use the Lantronix Xport ethernet-to-serial gadgets in several of our products; it's PCB mounted and the size of an RG45+magnetics thing. You can password protect them, but we usually don't. The ones that we use support only one session at a time. If one of these is set up to be accessed from the outside world, tunneld in through a router, anybody can get in. And apparently someone can open a session, lose interest, and maybe leave the connection open for bad guys.
Cool.
-- John Larkin Highland Technology, Inc jlarkin at highlandtechnology dot com http://www.highlandtechnology.com Precision electronic instrumentation Picosecond-resolution Digital Delay and Pulse generators Custom laser drivers and controllers Photonics and fiberoptic TTL data links VME thermocouple, LVDT, synchro acquisition and simulation
and you are not sophisticated enough to recognise it as spam.
makes you look gullible.
I can't be rude about John Larkin posting yet more nonsense if I haven't had a look at it to make sure that it's nonsense.
Even John Larkin could post non-nonsense. The fact that he can't tell shit from shinola doesn't prevent him from finding shinola from time to time. This should be obvious, but I'm spelling it out just for you.
-- Bill Sloman, Sydney
The article is not just BS. I worked on retro fitting a system that connected, well let's call them "sensors", via serial lines. The sensors were in public environments. The units were connected to a terminal server that would reverse telnet back to a host and send ASCII "packets". However, you could escape out to the telnet prompt and if you knew what you were doing try and connect to other host on what ever network the terminal server might be on. The system would eventually signal an alarm that the sensor was not sending data but there was a nice window of vulnerability.
Sys Admins can be somewhat sloppy when they "think" their boxes are living on a protected network segment.
-- Chisolm Republic of Texas
Some really smart, really bad guys could build a huge database of unprotected things - refineries, power utilities, traffic lights, roller coasters, all sorts of facilities - and build a botnet to attack all of them at once. The attack on the Iranian centrifuges was like that, Internet into PLCs, probably through a serial link adapter of some sort.
We have an earthquake kit for situations like this.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation Picosecond-resolution Digital Delay and Pulse generators Custom timing and laser controllers Photonics and fiberoptic TTL data links VME analog, thermocouple, LVDT, synchro, tachometer Multichannel arbitrary waveform generators
On Tue, 30 Apr 2013 09:42:52 -0700, John Larkin wrote: [snip]
It does not take really smart people. In a recent security news letter they pointed out that 60% of people that find a random USB stick in the parking lot will plug it into their work computer to look at what is on it. Put the company logo on the USB drive and the number goes up to 90%.
How many of you will pick up a USB drive at a trade show and just plug it in and use it? Hopefully that number is zero but that is wishful thinking....
-- Chisolm Republic of Texas
The real fools, of course, were those who designed an OS that automatically loads and executes random bits of code coming from such a support. That's either incredibly stupid or very devious, I'm not sure which. There's a saying to not attribute to malice what can be adequately explained by plain stupidity. Mmmmh.
Jeroen Belleman
Windows: when in doubt, execute it.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation Picosecond-resolution Digital Delay and Pulse generators Custom timing and laser controllers Photonics and fiberoptic TTL data links VME analog, thermocouple, LVDT, synchro, tachometer Multichannel arbitrary waveform generators
The real fools are those that don't give a damn, and are too lazy to turn off auto-run.
That may be Larkin, but these people are have turned the problem into a money making opportunity:
ller
of
ort.
to
I turned it off. A client-supplied USB drive (with an assignment on it) still infected the MBR.
-- Cheers, James Arthur
making opportunity:
Not me, I'm a circuit designer.
I've read that there are many, maybe millions of online webcams that still have the default login passwords and stuff.
-- John Larkin Highland Technology, Inc jlarkin at highlandtechnology dot com http://www.highlandtechnology.com Precision electronic instrumentation Picosecond-resolution Digital Delay and Pulse generators Custom laser drivers and controllers Photonics and fiberoptic TTL data links VME thermocouple, LVDT, synchro acquisition and simulation
The default behaviour since, oh Win XP SP3, has been to *NOT* AutoRun. If a fool chooses to turn it on...
:
oller
l of
sort.
I believe that it is only autorun for usb drives that is turned off by default, CDROMs will still autorun and some usb drives pretent to be cdroms so they also autorun
-Lasse
making opportunity:
And until very recently quite a few US military "secure" computer networks. How else do you think the infamous Gary McKinnon got in?
If the monkeys can't be bothered to change well known industry standard default account passwords with superuser privileges then chaos results.
-- Regards, Martin Brown
There shouldn't *be* an auto-run! If you want to run something from a portable support, fine, but it should be a conscious decision, not an automated trap!
Jeroen Belleman
Yawn. Way old news, like 10 years old. At least in some of the circles that i run in. Still news to fools and pretenders all over though.
?-)
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.