Looks like we could have another mess coming on the anniversary Mirai virus.
https://www.wired.com/story/reaper-iot-botnet-infected-million-networks/amp
https://research.checkpoint.com/new-iot-botnet-storm-coming/
Looks like we could have another mess coming on the anniversary Mirai virus.
https://www.wired.com/story/reaper-iot-botnet-infected-million-networks/amp
https://research.checkpoint.com/new-iot-botnet-storm-coming/
This link http://seclists.org/fulldisclosure/2017/Mar/23 (which I am >not< claiming is a good source) lists 2 old Axis cameras, a HIKvision camera, a 3xLogic camera. Mostly it's low end stuff. Weird list, verify if you need to take action.
This link https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#rsa-lulz has descriptions of issues. At least one (the bypass where you can retrieve parameter files with no password) is a basic "you screwed up your web server interface" issue. Reproducing the compromise requires accurately typing in the URL in the notice - no programming required.
So... no obvious physical security "camerageddon" unless your camera vendor has shoddy web server software and you were crazy enough to hang your cameras on the public internet.
So... no obvious physical security "camerageddon" unless your camera vendor has shoddy web server software and you were crazy enough to hang your cameras on the public internet.
Sounds like we’re in for a rough ride :)
It seems like Reaper may have been way over estimated. The only thing unique about this Botnet is it's flexibility and use of leaked tools to spread.
(Pretty good summation of the issue from ArsTechnia)
https://arstechnica.com/information-technology/2017/10/assessing-the-threat-the-reaper-botnet-poses-to-the-internet-what-we-know-now/
Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.