[192264] in North American Network Operators' Group
Re: Death of the Internet, Film at 11
daemon@ATHENA.MIT.EDU (Jean-Francois Mezei)
Mon Oct 24 00:23:51 2016
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Jean-Francois Mezei <jfmezei_nanog@vaxination.ca>
Date: Mon, 24 Oct 2016 00:23:47 -0400
In-Reply-To: <CAEE+rGqKJmNFkwZAMs7BMQhnQi4i-ypEgPBqN4+MuiDdNqcAcw@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
A bit tidbits of information from:
> http://www.networkworld.com/article/3134035/chinese-firm-admits-its-hacked-products-were-behind-fridays-massive-ddos-attack.html
Chinese firm admits its hacked products were behind Friday's massive
DDOS attack
Hangzhou Xiongmai Technology, a vendor behind DVRs and
internet-connected cameras, said on Sunday that security vulnerabilities
involving weak default passwords in its products were partly to blame.
...
Because these devices have weak default passwords and are easy to
infect, Mirai has been found spreading to at least 500,000 devices,
according to internet backbone provider Level 3 Communications.
...
Xiongmai says it patched the flaws with its products in September 2015
and its devices now ask the customer to change the default password when
used for the first time. But products running older versions of the
firmware are still vulnerable.
To stop the Mirai malware, Xiongmai is advising that customers update
their product’s firmware and change the default username and passwords
to them. Customers can also disconnect the products from the internet.
##
Note: the company's web site does not (yet) show a press release.
Appears the information was sent to IDG via email.
