Nmap Development mailing list archives



Re: Using Nmap + NSE create an embedded scanning botnet (Carna)

On Mon, Mar 18, 2013 at 3:35 PM, Brandon Enright < bmenrigh () brandonenright net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just came across a very interesting page / paper:

http://internetcensus2012.github.com/InternetCensus2012/paper.html

And CNET's journalistic geniuses have concluded that I was the one who hacked those 420,000 devices!

http://news.cnet.com/8301-1009_3-57574919-83/what-420000-insecure-devices-reveal-about-web-security/

"In a Seclists posting yesterday, the researcher, Gordon Lyon, describes how he was able to take control of open, embedded devices on the Internet. He did so by using either empty or default credentials such as 'root:root' or 'admin:admin', indicating how a surprisingly large number of devices connected to the Web have no security to safeguard against a possible takeover. By taking control of the devices, the researcher effectively established a botnet -- which he called 'Carna'..."

Since he found the full-disclosure post on my mailing list archive site, clearly I must be the hacker :). This has got to be the most bone-headed CNET move since they released the trojan Nmap installer on CNET Download.com.[1]

Cheers,
Fyodor

[1] http://insecure.org/news/download-com-fiasco.html

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
