500 000 routers vunrable to exploit

Name
Email
Subject
Comment *
File	Select/drop/paste files here
Password	(Randomized for file and post deletion; you may also set your own.)
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Flag
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 16 MB. Max image dimensions are 15000 x 15000. You may upload 3 per post.

File (hide): 76f366f5294569e⋯.png (50.28 KB, 730x188, 365:94, strength-in-numbers-botnet….png) (h) (u)

▶500 000 routers vunrable to exploit Anonymous 05/24/18 (Thu) 22:20:29 No.919522>>919525 >>919546 >>919547 >>919713 >>921153 [Watch Thread][Show All Posts]

https://blog.talosintelligence.com/2018/05/VPNFilter.html

and some NAS devices

▶Anonymous 05/24/18 (Thu) 22:24:43 No.919525>>919526

File (hide): f6512d781891671⋯.png (588.05 KB, 702x502, 351:251, 1526495366929.png) (h) (u)

>>919522 (OP)

the lat/long information it stores is strange, i could see that being useful for curating information regionally, etc, or just putting a place to a face.

▶Anonymous 05/24/18 (Thu) 22:35:58 No.919526

>>919525

It gets the ip for the server hidden in the image GPS EXIF

▶Anonymous 05/24/18 (Thu) 22:40:51 No.919529>>919532

Does this article say how the devices get infected? I haven't seen it yet.

▶Anonymous 05/24/18 (Thu) 22:43:00 No.919531

If you block photobucket it cant download the RAT

▶Anonymous 05/24/18 (Thu) 22:43:05 No.919532

>>919529

Never mind.

>At the time of this publication, we do not have definitive proof on how the threat actor is exploiting the affected devices.

▶Anonymous 05/24/18 (Thu) 22:45:40 No.919534

>The type of devices targeted by this actor are difficult to defend. They are frequently on the perimeter of the network, with no intrusion protection system (IPS) in place, and typically do not have an available host-based protection system such as an anti-virus (AV) package.

=We are unsure of the particular exploit used in any given case, but most devices targeted, particularly in older versions, have known public exploits or default credentials that make compromise relatively straightforward.=

more fearmongering by the (((security))) community

>The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues.

Buy (((Cisco))) Goy!

▶Anonymous 05/24/18 (Thu) 23:02:58 No.919546>>919554

>>919522 (OP)

Tl;dr? Can an affected router be transparently to its owner attacked and compromised via the internet-facing interface, even if the attacker doesn't know/is unsure if that router even is affected, or what kind of device it is?

▶Anonymous 05/24/18 (Thu) 23:03:45 No.919547>>919550

>>919522 (OP)

>talosintelligence

Are those the makers of the Talos II computers?

▶XO|XO} 05/24/18 (Thu) 23:06:14 No.919548

Why bother about the router, really?

I mean 90 percent of what you use it for is browsing, 100% if you don't do VOIP calls.

Making your browser, the primary target for most attackers.

Most routers can be privately exploited by a good coder.

The most common method of attack is javascript web hooks, which can compromise the entire system.

▶Anonymous 05/24/18 (Thu) 23:09:54 No.919550>>919551

>>919547

Talos Intelligence is literally a division of Cisco, they call it "Cisco Talos" and magically none of the routers they're kvetching about are Cisco routers, as they coincidentally point out, for totally innocent reasons.

▶Anonymous 05/24/18 (Thu) 23:11:07 No.919551

>>919550

So Linksys routers are affected, but I guess the "Linksys by Cisco" era ones aren't? Kek

▶Anonymous 05/24/18 (Thu) 23:15:54 No.919553>>919556 >>919558

Is the hardware itself affected? If not, is OpenWRT/LibreCMC/pfsense/Tomato vulnerable? If so, which versions? Can it infect them remotely, or do they have to exploit some LAN-facing machine first? Any symptoms you could easily detect? The article goes really in depth in the behaviour of the malware but it really says nothing interesting for your average sysadmin about it.

▶Anonymous 05/24/18 (Thu) 23:17:03 No.919554

>>919546

the article doesn't say anything about how the routers are initially infected.

▶Anonymous 05/24/18 (Thu) 23:19:09 No.919556>>919572 >>920987

>>919553

THERE ARE NO NEW EXPLOITS

All Cisco did is group together a bunch of previous exploits and then make a news story about it how all other routers are shit because of exploits (when they aren't updated) but you should buy Cisco(tm) routers instead because they aren't affected by these exploits.

THIS IS NOTHING BUT CORPORATE SHILLING

▶Anonymous 05/24/18 (Thu) 23:21:01 No.919558

>>919553

THEY DIDN'T EVEN BOTHER TO LIST WHAT EXPLOITS THEY ARE KVETCHING AGAINST

<We are unsure of the particular exploit used in any given case, but most devices targeted, particularly in older versions, have known public exploits or default credentials that make compromise relatively straightforward.

▶Anonymous 05/25/18 (Fri) 00:20:37 No.919572>>919573 >>919576

>>919556

To be honest the brands which were name (with the exception of Mikrotik perhaps) are rather consumer-oriented, is Cisco even still competing in this sector since they got rid of Linksys?

▶Anonymous 05/25/18 (Fri) 00:20:55 No.919573

>>919572

>name

*named

▶Anonymous 05/25/18 (Fri) 00:24:18 No.919576>>921156

>>919572

my "internet box"(idk what it is, a bridge I guess) from isp is cisco

▶Anonymous 05/25/18 (Fri) 00:35:27 No.919577>>919581

there are a lot more then 500 000 hackable routers in this world.

all of them are just run a bruter long enough and you get access.

▶Anonymous 05/25/18 (Fri) 00:41:25 No.919581

>>919577

Who said that they expose any remote access service to the outside world? If they don't, an attacker would have to exploit some sort of vulnerability which gets triggered by just sending certain packets to them, and to do such a thing they would need to know with pretty good accuracy what exact kind of device they are dealing with (and devices which drop all unsolicited inbound packets are usually rather difficult to fingerprint remotely).

▶Anonymous 05/25/18 (Fri) 01:16:01 No.919593>>919594

ironically, the number is several orders of magnitude higher than 500,000 and anyone who thinks otherwise has no idea how the router industry works (also not just consumer routers)

sage for homo "infosec" website

▶Anonymous 05/25/18 (Fri) 01:16:34 No.919594

>>919593

ooh i mean exploits in general, not one particular exploit

▶Anonymous 05/25/18 (Fri) 06:16:56 No.919713>>919716

>>919522 (OP)

>https://blog.talosintelligence.com/2018/05/VPNFilter.html

>The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues

= glownigger malware that escaped

Cisco are onboard with glownigger work for many years now

▶Anonymous 05/25/18 (Fri) 06:31:30 No.919716

>>919713

>Analysis of this RC4 implementation shows that it is identical to the implementation used in BlackEnergy, which is believed by law enforcement agencies to originate with a state actor.

Glowniggers Gone Wild II confirmed.

▶Anonymous 05/25/18 (Fri) 06:35:11 No.919719>>919721 >>920043

Why would a state actor not even be able to copypaste some correct RC4 code? Even gamedevs manage to handle that correctly.

▶Anonymous 05/25/18 (Fri) 06:43:24 No.919721

>>919719

It would be more accurate to state "it is incorrect or wrong for the assumed intent of the code as currently revealed."

▶Anonymous 05/25/18 (Fri) 12:39:59 No.919891

Bullshit confirmed:

https://www.msn.com/en-us/news/technology/cyber-firms-ukraine-warn-of-planned-russian-attack/ar-AAxHeFg?ocid=spartanntp

THE RUSSIANS™ going to hack champions league just like they did the american election !

▶Anonymous 05/25/18 (Fri) 19:04:19 No.920043

>>919719

no, they don't.

▶Anonymous 05/27/18 (Sun) 07:48:20 No.920984>>921133

Why is all of this so vague? ic an't find any information about what it does or how to know if something is affected or even things I can do to prevent this. Is this just another false flag? Does the NSA want us to reboot our routers to install their malwarrre?

WHY DOESN'T ANYONE KNOW WHAT'S HAPPENING REEEEEEEEEEEEEEEEEEE

WHY IS EVERY NEWS SOURCE THE SAME THING REPEATED OVER AND OVER

▶Anonymous 05/27/18 (Sun) 07:55:05 No.920987

>>919556

So this is all just another attempt to sell more "security" to the goyim?

▶Anonymous 05/27/18 (Sun) 15:32:20 No.921133

>>920984

>WHY IS EVERY NEWS SOURCE THE SAME THING REPEATED OVER AND OVER

either internet based news outlets are all owned by the same company or internet based news outlets only have 1 - 3 employees tops and no one wants to work so they copy paste everything. i know the latter to be true, but the former is an interesting thought if you're paranoid schizophrenic

▶Anonymous 05/27/18 (Sun) 16:13:26 No.921153

>>919522 (OP)

good thing that i dont have a router

▶Anonymous 05/27/18 (Sun) 16:22:39 No.921156

>>919576

most of them are running really old proprietary firmware. normal people change them only when they break.

/tech/ - Technology★

General

WebM

Theme

User JS

Do not paste code here unless you absolutely trust the source or have read it yourself!

Favorites

Customize Formatting

Filters