Serial Ports Flawed (and lifehacking, OVH, Skype)

Public service announcements–

Lifehacking: I’m still reading it & haven’t yet checked its (often incredible) claims, but if you’re interested in “lifehacking” as described here then “Supermemory” is a must — MUST — read. It has a long bibliography so you can check sources before deciding what to believe. (http://www.worldcat.org/title/supermemory-the-revolution/oclc/23139441)

OVH: If you or someone you know has a VPS on OVH, GTFO, they (one of the world’s largest providers of the things) have been pwned. (https://bitcointalk.org/index.php?topic=186902.msg1936161)

Skype: Hijacking accounts is absurdly easy, people are getting theirs hacked (& charges run up) six times a day by six DIFFERENT crooks, GTFO for the billionth time already. (http://community.skype.com/t5/Security-Privacy-Trust-and/URGENT-Skype-Support-Account-Security-Issue-CAN-AFFECT-ALL-USERS/td-p/1552372 https://news.ycombinator.com/item?id=5622045)

Right then…

That serial port on your humble little router? The one meant to receive the gentle, loving embrace of a serial cable connected to your laptop, so you can root around in peace and quiet? The one that presents its delicate virgin unauthenticated root shell secure in the knowledge that anyone wandering by only has the most benign of intents?

Yeah, you probably shouldn’t connect it to the highly pressurized system of informational raw sewage mixed with mathematical hydrofluoric acid that we call the Internets.

Unfortunately, Rapid7 security researcher HD Moore has found that all too many people (at least 114,000) have done just that… courtesy of a slate of devices that — get this — directly link the serial port to a given publicly accessible TCP port.

https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-offenders-widespread-flaws-in-serial-port-servers

“Over 114,000 unique IPs were identified as either Digi International or Lantronix serial port servers using the Simple Network Management Protocol (SNMP) with the community “public”. Over 95,000 of these systems were exposed to the internet through mobile connections such as GPRS, EDGE, and 3G. Another 14,000 unique IPs were identified running Digi, or Digi-based devices using Digi’s proprietary Advanced Device Discovery Protocol (ADDP). FTP banners were used to identify another 8,000 Digi devices. Another 500 Lantronix systems were identified using their telnet banners. Web server headers, SSL certificates, and telnet prompts were useful, but generally not conclusive on their own to identify serial port servers.”
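The quoted paragraph lists the evidence types that identify a serial port server (SNMP sysDescr under the default “public” community, ADDP responses, FTP and telnet banners) and notes which ones are conclusive on their own. The script below is an added example, not code from this post or from Rapid7, showing how a defender can triage their own existing asset-scan output against those evidence types to find devices that need to be pulled off the internet. The record field names, the dataclass, and every sample record are constructed for illustration; the vendor keywords are the two named in the quote.

```python
"""Offline triage of asset-scan records for exposed serial port servers.

Hypothetical example (not Rapid7's tooling): consumes records that your own
scanner already produced and flags devices that look like Digi or Lantronix
serial port servers reachable from the internet, weighting the evidence the
way the Rapid7 post does. Field names below are an assumption about the
scanner's output format, not any real tool's schema.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Vendor keywords named in the post; matched case-insensitively as whole words.
VENDOR_PATTERNS = {
    "digi": re.compile(r"\bdigi\b", re.I),
    "lantronix": re.compile(r"\blantronix\b", re.I),
}

# Evidence the post treats as sufficient on its own to identify the device.
STRONG_FIELDS = ("snmp_sysdescr", "addp_response", "ftp_banner", "telnet_banner")
# Evidence the post calls "useful, but generally not conclusive on their own".
WEAK_FIELDS = ("http_server", "ssl_subject", "telnet_prompt")


@dataclass
class Finding:
    ip: str
    vendor: str
    evidence: list[str] = field(default_factory=list)
    weak_snmp: bool = False   # device answered with the default "public" community
    conclusive: bool = False  # at least one strong evidence field matched


def classify(record: dict) -> Optional[Finding]:
    """Return a Finding if any field names a known serial-server vendor.

    If both vendors somehow match, the first entry in VENDOR_PATTERNS wins;
    the evidence list still records every field that contributed.
    """
    for vendor, pattern in VENDOR_PATTERNS.items():
        evidence, strong = [], False
        for fld in STRONG_FIELDS + WEAK_FIELDS:
            value = record.get(fld)
            if value and pattern.search(value):
                evidence.append(fld)
                if fld in STRONG_FIELDS:
                    strong = True
        if evidence:
            return Finding(
                ip=record["ip"],
                vendor=vendor,
                evidence=evidence,
                weak_snmp=record.get("snmp_community") == "public",
                conclusive=strong,
            )
    return None


def triage(records: list[dict]) -> list[Finding]:
    """Classify every record and put conclusive identifications first."""
    findings = [f for f in (classify(r) for r in records) if f is not None]
    findings.sort(key=lambda f: (not f.conclusive, f.ip))
    return findings


# Constructed sample records (documentation-range IPs, invented banner text).
SAMPLE_RECORDS = [
    {"ip": "198.51.100.10", "snmp_community": "public",
     "snmp_sysdescr": "Digi serial server (constructed sample)"},
    {"ip": "198.51.100.11",
     "telnet_banner": "Lantronix device server (constructed sample)"},
    {"ip": "198.51.100.12",
     "http_server": "Digi-embedded-httpd (constructed sample)"},
    {"ip": "198.51.100.13",
     "ftp_banner": "220 generic ftpd (constructed sample)"},
]


if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        status = "CONCLUSIVE" if f.conclusive else "needs verification"
        snmp = " [default SNMP community]" if f.weak_snmp else ""
        print(f"{f.ip}: {f.vendor} via {','.join(f.evidence)} ({status}){snmp}")
```

Anything that comes back conclusive is a device that should not be reachable from the public side at all; the weak_snmp flag additionally marks units still answering to the default community string, which is the same misconfiguration that let the Rapid7 census find them in the first place.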
