madeye wrote:Interesting read, and somewhat scary. The only thing I have difficulty understanding from the whitepaper is how they are installing the exploit.
Outside my LAN there is no access to my server's ssh, so I hope I'm lucky not to be infected. I'll have to check tonight.
Thanks for sharing.
developer wrote:Rest assured that if there is no entry to your ssh from outside your LAN, you are more or less safe.
What if they compromise your router through the various backdoors/hidden "management" ports discovered in the last few months in most widespread router models
jiml8 wrote:Hidden ports? Link, please. I have not heard about this.
So, the ports are there. But "hidden"? As in...a secret backdoor? I would love to know more about this.
Edit:
well, I found this... http://www.welivesecurity.com/2013/10/2 ... backdoors/
and there are a lot more articles too. Hmmm...
doktor5000 wrote:developer wrote:Rest assured that if there is no entry to your ssh from outside your LAN, you are more or less safe.
Sure, as if ssh ("from outside the LAN") would be the only vulnerability / entry point for injections at all ...
Don't get me wrong, but an honest query from my point of view: If you don't provide any real/substantial value to the discussion, best don't add such comments.
What if they compromise your router through the various backdoors/hidden "management" ports discovered in the last few months in most widespread router models and compromise the internal NATing to access your box - then one probably can't rest assured, per your comment.
developer wrote:That's what firmware upgrades are for. If one upgrades his/her router's firmware as soon as upgrades become available, nothing similar should happen.
developer wrote:Rest assured that if there is no entry to your ssh from outside your LAN, you are more or less safe.
doktor5000 wrote:Yes, but that one is about a (minor and pretty well-known WPS weakness AFAIUC) check the linked http://www.devttys0.com/2013/10/from-china-with-love/ and http://ea.github.io/blog/2013/10/18/tenda-backdoor/
That is pretty minor compared to the one I was referring to: https://github.com/elvanderb/TCP-32764
Do NOT miss the presentation! It's awesome - totally love that guy's sense of humor
https://raw.githubusercontent.com/elvan ... e_pptx.pdf
In addition you can conveniently search for routers with that port open and accessible: http://www.shodanhq.com/search?q=port%3A32764
doktor5000 wrote:If you read the above links (...)
zxr250cc wrote:Am I understanding that I am supposedly offering a bogus link? I hope I am misunderstanding that.
Site: mageia.org
Server software: Apache/2.2.23 (Mageia/PREFORK-1.mga1)
Vulnerable: Likely (known use OpenSSL)
SSL Certificate: Unsafe (created 1 year ago at Feb 7 00:00:00 2013 GMT)
Assessment: Wait for the site to update before changing your password
zxr250cc wrote:If you check mageia.org with the LastPass web site Heartbleed checking function, it shows mageia as being vulnerable. No?
viking60 wrote:In any case I would expect an announcement from the server responsible's on this "worst vulnerability in the history of the internet".
viking60 wrote:Basically an announcement that Mageia is not affected by the biggest vulnerability in the history of internet.
Are the "top dogs" waiting for a more important occasion?