On 30 October 2016 at 10:57, <tort...@arcor.de> wrote:
> Take a look what is happening these days, please. A toaster was hacked within
> one hour since connected to the internet:
>
> https://www.theatlantic.com/technology/archive/2016/10/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour/505571/

Not that IoT security isn't terrible right now (cos it is), but that was a very artificial demo that a lot of people have gone a bit hysterical about.

For starters, it wasn't a toaster at all; it was a VM, claiming to be a toaster, pretending to leave SSH exposed. And somehow everyone was astonished when an automated ssh scanner pinged it. If its banner message had claimed to be the ISS instead of a toaster, maybe we'd have seen news stories like "omg hackers pwned the space station in 40 minutes".

SSH scanning across the whole net is just the norm, and has been for years. If anything, the surprising part is that it took 40 minutes for something to stumble across it - it was hosted in a well-known IP range (AWS) after all.

Anyone putting up a box exposing root logins through SSH is kinda asking for what comes next. That article really felt like fear-mongering, I must be honest.

-J
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk