On 03/21/2013 01:36 AM, Cao Zhen (CZ) wrote: > Hi Hannes, > > Thanks for sharing this interesting work.
Yes, its interesting, but also ethically dodgy IMO. If you reboot 400k devices without permission then you probably do disrupt something important for someone. It could also be the case that some of the traffic their botnet generated also cost someone some money. > I have got a question but did not find an answer in the paper, how the > scanning agent can determine the target is an "embedded device"? Good luck getting answers from the anonymous author. I guess one thing that this wg could do would be to write up a document noting the admin/admin stupidity and e.g. the recent upnp camera findings and say "don't do that" and provide some recommendations on what embedded device manufacturers should do. But maybe doing work on busybox and associated distros to make those more secure by default might be more effective. S. > > Best regards, > zhen > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf Of >> Hannes Tschofenig >> Sent: Thursday, March 21, 2013 3:08 AM >> To: [email protected] >> Subject: [Lwip] Internet Census 2012 -- Insecure embedded devices >> >> Hi all, >> >> today I found this article and I thought I should share it with you given >> all the security discussions >> in the group: >> http://internetcensus2012.bitbucket.org/paper.html >> >> It is rather depressing. >> >> Ciao >> Hannes >> >> _______________________________________________ >> Lwip mailing list >> [email protected] >> https://w > > > > _______________________________________________ > Lwip mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/lwip > _______________________________________________ Lwip mailing list [email protected] https://www.ietf.org/mailman/listinfo/lwip
