Posted by Steve Smith on
URL: http://friam.383.s1.nabble.com/Picture-of-the-Internet-tp7583065p7583068.html

Me parece increíble que 420.000 usuarios de Linux sean tan descuidados y no le presten el mínimo de atención a la más básica medida de seguridad como es tener un password  para ingresar al perfil. También es interesante ver el nivel de acceso de Linux en todo el mundo.

I can not believe 420,000 Linux users are so careless and do not pay the least attention to the most basic security measure is to have a password to enter the profile. It is also interesting to see the level of access of Linux worldwide.

I have read the paper (but only once through) and it appears that most if not all of the machines in question are in fact "embedded" computers running inside of printers, webcams, NAS devices, set-top internet devices (game consoles/Netflix boxes/etc) and even industrial control systems.   I do not see anywhere where "real computers" are excluded, I assume that they are (mostly) self-excluded by not having a telnet port open and/or having more security than no password or admin/admin or root/root as password.  

I would call this more of an exploit than a hack (if the difference matters)...   and the humility shown in the work and in the paper is surprising.   If you read deep enough, you will discover that a side-effect of this work was to take very limited steps to lame another botnet being deployed at the same time, known as "Aida".   All of the resulting data is available online ~.6TB worth...  I'll be interested in subsequent analysis!

My own work in the area is 6-10 years old and while I folllowed most of  the jargon and acronyms in the paper, I felt incredibly out of date!

- Steve

This researcher/engineer

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com