Thursday, April 10, 2014

Many Devices Will Never Be Patched to Fix Heartbleed Bug | What Happened When One Man Pinged the Whole Internet

You probably haven’t heard of HD Moore, but up to a few weeks ago every Internet device in the world, perhaps including some in your own home, was contacted roughly three times a day by a stack of computers that sit overheating his spare room. “I have a lot of cooling equipment to make sure my house doesn’t catch on fire,” says Moore, who leads research at computer security company Rapid7.

In February last year he decided to carry out a personal census of every device on the Internet as a hobby. “This is not my day job; it’s what I do for fun,” he says.

Moore has now put that fun on hold. “[It] drew quite a lot of complaints, hate mail, and calls from law enforcement,” he says. But the data collected has revealed some serious security problems, and exposed some vulnerable business and industrial systems of a kind used to control everything from traffic lights to power infrastructure.

Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them.

A home science experiment that probed billions of Internet devices reveals that thousands of industrial and business systems offer remote access to anyone. 
  • Call response: The approximate location of some of the 460 million responses to a survey of Internet devices carried out by an anonymous hacker.

By Tom Simonite on April 26, 2013

1 comment:

  1. Booze Hamilton, NSA, Snowden and then the Heartbleed Bug, plus Ping the Internet, but of course.

    Web Log, Blog, Information Is Shared Openly Everywhere, Shock & Awe

    facebook isn't private and there's no such nonsense 'privacy' in the multi-polar uni-polar world earth.