DDoS Of Things -

2016-09-25 Thread Steve Kinney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maybe I'm going all Chicken Little here, maybe not. But I think this development may be the closest thing to an Internet Armageddon we are likely to see in our lifetimes. http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecu rity-o

Re: DDoS Of Things -

2016-09-25 Thread Mirimir
On 09/25/2016 01:11 AM, Steve Kinney wrote: > Maybe I'm going all Chicken Little here, maybe not. But I think this > development may be the closest thing to an Internet Armageddon we are > likely to see in our lifetimes. > > http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecu

Re: DDoS Of Things -

2016-09-25 Thread Steve Kinney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2016 03:46 AM, Mirimir wrote: > On 09/25/2016 01:11 AM, Steve Kinney wrote: >> So far every mitigation strategy relevant to "normal" users and >> use cases that occurs to me would be worse than the original >> problem. > > Yes, it's for su

Re: DDoS Of Things -

2016-09-25 Thread Razer
On 09/25/2016 07:19 PM, Steve Kinney wrote: > > ...it may eventually be necessary to recover the World Of Things from the > Internet of Things > Here's how the convo's going to go between 'WOT' & IOT: WOT: Open the pod bay doors, HAL. IOT: I'm sorry, Dave. I'm afraid I can't do that. WO

Re: DDoS Of Things -

2016-09-26 Thread Sean Lynch
On Sun, Sep 25, 2016 at 12:11 AM, Steve Kinney wrote: > Maybe I'm going all Chicken Little here, maybe not. But I think this > development may be the closest thing to an Internet Armageddon we are > likely to see in our lifetimes. > > http://arstechnica.com/security/2016/09/why-the-silencing-of-

Re: DDoS Of Things -

2016-09-27 Thread grarpamp
On Sun, Sep 25, 2016 at 3:46 AM, Mirimir wrote: > Yes, it's for sure a hard problem. Any entity resourceful enough to > withstand Tbps DDoS is likely a huge privacy risk :( > > On the other hand, Krebs has been totally asking for it, for years ;) > He's been going after major cybercriminals, who p

Re: DDoS Of Things -

2016-09-27 Thread Steve Kinney
On 09/27/2016 11:21 PM, grarpamp wrote: > On Sun, Sep 25, 2016 at 3:46 AM, Mirimir wrote: >> Yes, it's for sure a hard problem. Any entity resourceful enough to >> withstand Tbps DDoS is likely a huge privacy risk :( >> >> On the other hand, Krebs has been totally asking for it, for years ;) >>

Re: DDoS Of Things -

2016-09-27 Thread xorcist
> What bothers me is not this particular instance, but the proof of > concept it represents, in a world where everything from refrigerators to > night lights phones home. Things present a very diffuse and low-reward > attack surface individually, but as reflectors they provide a potential > solar-

Re: DDoS Of Things -

2016-09-28 Thread Sean Lynch
On Tue, Sep 27, 2016 at 8:50 PM, Steve Kinney wrote: > > > On 09/27/2016 11:21 PM, grarpamp wrote: > > On Sun, Sep 25, 2016 at 3:46 AM, Mirimir wrote: > >> Yes, it's for sure a hard problem. Any entity resourceful enough to > >> withstand Tbps DDoS is likely a huge privacy risk :( > >> > >> On t

Re: DDoS Of Things -

2016-09-28 Thread Steve Kinney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/28/2016 01:31 PM, Sean Lynch wrote: > On Tue, Sep 27, 2016 at 8:50 PM, Steve Kinney > wrote: > "Physical access is game over" so it may turn out that whoever owns > the most Things wins after all. > > > Ownership

Re: DDoS Of Things -

2016-09-28 Thread Sean Lynch
On Wed, Sep 28, 2016 at 10:43 AM, Steve Kinney wrote: > On 09/28/2016 01:31 PM, Sean Lynch wrote: > > On Tue, Sep 27, 2016 at 8:50 PM, Steve Kinney > > wrote: > > > "Physical access is game over" so it may turn out that whoever owns > > the most Things wins after all.

Re: DDoS Of Things -

2016-09-28 Thread Georgi Guninski
dude, are you a google dude? updating android device from yellow color vendor is PITA, admit it. likely updating it from a white whore too. when a great android malware comes, maybe it will make a botnet with bandwidth estimated at least 314Tbps. remember the times when m$ were bugfucked, but th

Re: DDoS Of Things -

2016-09-28 Thread Sean Lynch
On Wed, Sep 28, 2016 at 11:53 AM, Georgi Guninski wrote: > dude, are you a google dude? > > updating android device from yellow color vendor is PITA, admit it. > likely updating it from a white whore too. > > when a great android malware comes, maybe it will make a botnet with > bandwidth estimat

Re: DDoS Of Things -

2016-09-28 Thread John Newman
On Wed, Sep 28, 2016 at 12:26:37PM -0700, Sean Lynch wrote: > The equivalent of IOS devices from a timely updates standpoint would be > Nexus devices. Tell that to my nexus 6 (not 6p). Been waiting for OTA update to "nougat" (what fucking dumb names!) for a while... enrolled in the beta program to

Re: DDoS Of Things -

2016-09-28 Thread juan
On Wed, 28 Sep 2016 12:26:37 -0700 Sean Lynch wrote: > On Wed, Sep 28, 2016 at 11:53 AM, Georgi Guninski > wrote: > > > dude, are you a google dude? > > > > updating android device from yellow color vendor is PITA, admit it. > > likely updating it from a white whore too. > > > > when a great an

Re: DDoS Of Things -

2016-09-28 Thread Razer
On 09/28/2016 10:31 AM, Sean Lynch takes the words right out of my mouth: > The Internet is starting to feel a lot more like feudalism, What I stated a while back about my reasons for never getting involved in the computer industry as a way to earn my bucks... I don't get along with fewdal pun

Re: DDoS Of Things -

2016-09-28 Thread xorcist
> What I stated a while back about my reasons for never getting involved > in the computer industry as a way to earn my bucks... I don't get along > with fewdal punkz and hypercompetitive-hyperagressives reel well. So > what did they do? They FUCKED the whole 'Fucking thing'. In my experience tha

Re: DDoS Of Things -

2016-09-28 Thread grarpamp
On Wed, Sep 28, 2016 at 1:43 PM, Steve Kinney wrote: > Things. MITM the vendor's connection and collect them as they pass? Abusing the vendor, that's one way. > Send connection requests to Things at whole IP address ranges and see > who answers? This is done... zmap.io scans.io . IPv6 makes f

Re: DDoS Of Things -

2016-09-28 Thread grarpamp
On Wed, Sep 28, 2016 at 9:23 PM, wrote: > Bluecore is one of them. They're hiring. http://bluecore.com/platform/ http://bluecore.com/careers/ I'd bet a lot of readers here would have major ethical issues with what they do... collect and mine info so they can cold call, spam, promote, engineer,

Re: DDoS Of Things -

2016-09-28 Thread xorcist
> On Wed, Sep 28, 2016 at 9:23 PM, wrote: > I'd bet a lot of readers here would have major ethical issues with > what they do... collect and mine info so they can cold call, spam, > promote, engineer, and market people brands and junk they don't > need... and wouldn't be into working in that line

Re: DDoS Of Things -

2016-09-28 Thread Steve Kinney
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/28/2016 09:14 PM, Razer wrote: > > > On 09/28/2016 10:31 AM, Sean Lynch takes the words right out of my > mouth: > >> The Internet is starting to feel a lot more like feudalism, > > > What I stated a while back about my reasons for never g

Re: DDoS Of Things -

2016-09-28 Thread Mirimir
On 09/28/2016 11:43 AM, Steve Kinney wrote: > ... What I don't understand is how one would go about identifying > the right addresses to send bogus vendor patches or other exploit > code to, without access to the vendor's own database of incoming > pings from Things. See https://www.shodan.io/ :)

Re: DDoS Of Things -

2016-09-29 Thread John Newman
> On Sep 28, 2016, at 9:14 PM, Razer wrote: > > > > On 09/28/2016 10:31 AM, Sean Lynch takes the words right out of my mouth: > >> The Internet is starting to feel a lot more like feudalism, > > > What I stated a while back about my reasons for never getting involved > in the computer indus

Re: DDoS Of Things -

2016-09-29 Thread xorcist
> > You can do IT work for anbody… you don’t have to code/sysadmin/whatever > strictly for a company in the computer industry. This has been my shift > in the past few years. +1 Buddy of moved into a sweet gig. After years of 'serious' admin work, he was burnt out, and took a gig at a local hosp

Re: DDoS Of Things -

2016-09-29 Thread Sean Lynch
On Wed, Sep 28, 2016 at 6:23 PM, wrote: > > > What I stated a while back about my reasons for never getting involved > > in the computer industry as a way to earn my bucks... I don't get along > > with fewdal punkz and hypercompetitive-hyperagressives reel well. So > > what did they do? They FUCK

Re: DDoS Of Things -

2016-09-29 Thread Sean Lynch
On Wed, Sep 28, 2016 at 6:14 PM, Razer wrote: > > > On 09/28/2016 10:31 AM, Sean Lynch takes the words right out of my mouth: > > > The Internet is starting to feel a lot more like feudalism, > > > What I stated a while back about my reasons for never getting involved > in the computer industry a

Re: DDoS Of Things -

2016-09-29 Thread Razer
On 09/28/2016 08:32 PM, Steve Kinney wrote: > > > On 09/28/2016 09:14 PM, Razer wrote: > > >> On 09/28/2016 10:31 AM, Sean Lynch takes the words right out of my >> mouth: > >>> The Internet is starting to feel a lot more like feudalism, > > >> What I stated a while back about my reasons fo

Re: DDoS Of Things -

2016-09-29 Thread Razer
On 09/29/2016 05:54 AM, John Newman wrote: > >> On Sep 28, 2016, at 9:14 PM, Razer wrote: >> >> >> >> On 09/28/2016 10:31 AM, Sean Lynch takes the words right out of my mouth: >> >>> The Internet is starting to feel a lot more like feudalism, >> >> >> What I stated a while back about my reasons

Re: DDoS Of Things -

2016-09-29 Thread rooty
Original Message On Sep 29, 2016, 11:06 AM, Razer wrote: On 09/29/2016 05:54 AM, John Newman wrote: > >> On Sep 28, 2016, at 9:14 PM, Razer wrote: >> >> >> >> On 09/28/2016 10:31 AM, Sean Lynch takes the words right out of my mouth: >> >>> The Internet is starting to feel a lot