
Comment Re:Why is this a problem? (Score 2) 29

Multiple reasons why somebody would target these servers (BTW: I was at the talk. Their video is at http://www.irongeek.com/i.php?... . )

Anyways, IMHO, reasons:
1) As a gateway into the hospital so you can pwn servers to DDOS others
2) As a gateway into medical records so you can better phish, or possibly blackmail your targets

Comment Backbone providers need to do more to solve this.. (Score 1) 57

I'm seeing tons of attacks coming from China and Hong Kong ( http://longtail.it.marist.edu/... ), but only Level 3 seems to be doing anything about blocking them http://www.lightreading.com/se... Even though they'll never be able to block all the attacks, the backbone providers could at least slow them down.

Comment Interesting drop off of attacks from China today.. (Score 4, Interesting) 108

For what it's worth, http://longtail.it.marist.edu/... shows a significant drop off of attacks from China yesterday (Thursday) and today (Friday). FYI: Longtail is an ssh brute force analysis program with 11 ssh honeypots live today. I've been getting almost 300,000 attempts per day, but only got about 75,000 yesterday, and 88,000 (so far) today.

Comment Hackers love admin accounts (Score 1) 52

I have an ssh honeypot analyzer at longtail.it.marist.edu at Marist College and it shows that the second most popular account after root is "admin", and that the most common account/password tried is ubnt/ubnt.

Anybody who's been paying attention knows that default passwords on home routers are high on the bad guys' list of accounts to hack.

Submission + - LongTail@Marist shows sshPsycho SSH attackers moving to new IP addresses

CSG_SurferDude writes: LongTail Log Analyzer shows that as of May 4th, 2015, sshPsycho (also known as Hee Thai attackers or Group 93) have stopped attacking from their primary subnets. Their last recorded attack was at 12:06:11 AM, EST. This is most likely due to the efforts of Cisco and Level 3. Other traffic has shown a significant increase in activity that in many cases can be related to known ssh attack patterns that sshPsycho used from their primary class C networks. With over 5 million attempts recorded and over 20 thousand "Attack Patterns" recorded and analyzed, LongTail is able to show that they have picked up their toys and are now looking for a new playground to play in.

The LongTail SSH Honeypot AND the analysis tools are released under GPLV2 and are available for BETA testing at GitHub.

Submission + - LongTail shows sshPsycho causes 80% of SSH Brute Force attacks

CSG_SurferDude writes: Marist College in Poughkeepsie, New York, as part of their interest in computer and network security, is now hosting LongTail, an ssh brute force attack analyzer. In addition to the standard "What passwords were tried", LongTail also analyzes and compares "Attack Patterns". With over 4 million attacks recorded so far, and over 17 thousand "Attack Patterns" recorded and analyzed, it appears that Cisco and Level 3's recent announcement about sshPsycho (also known as "Group 93") has done nothing to stop their brutal attacks. SshPsycho has control and strong influence over more hosts than are covered by Cisco's announcement. Possibly best of all, the SSH Honeypot AND the analysis tools are released under GPLV2 and are available for BETA testing at GitHub.

Comment Re:Use the bug to patch the bug (Score 1) 236

A) It should only update bash

B) Also run yum -y update bash

C) This has been discussed for years, and the general consensus has always been it's better to not patch their systems (although I disagree with that. If you left your system open, you're just asking for somebody else to patch it for you, IMHO)
