
Submission + - Hollywood Hospital's Systems Held Hostage By Hackers

An anonymous reader writes: The Hollywood Presbyterian Medical Center, an “acute-care facility” located in Los Angeles, has had its computer systems compromised by hackers. The attackers are asking for 9,000 Bitcoin (approximately $3.6 million) in exchange for giving the hospital access to the systems again.

Submission + - sshPsycho-2 SSH attackers shut down over the 2015 Christmas Holidays

CSG_SurferDude writes: It appears that as of December 26th, 2015, sshPsycho-2 (also known as Hee Thai attackers or Group 93) have stopped attacking from their primary subnets of 43.229.52*, 43.229.53*, 43.255.188*, and 43.255.189*. Their last recorded attack was at 11:52:06 PM, December 26th, EST. LongTail honeypots have received over 27 million login attempts from them between May and December, and for all their attacks to cease is highly anomalous! Full details are at and

Comment Re:Why is this a problem? (Score 2) 29

Multiple reasons why somebody would target these servers (BTW: I was at the talk. Their video is at . )

Anyways, IMHO, reasons:
1) As a gateway into the hospital so you can pwn servers to DDOS others
2) As a gateway into medical records so you can better phish, or possibly blackmail your targets

Comment Backbone providers need to do more to solve this.. (Score 1) 57

I'm seeing tons of attacks coming from China and Hong Kong ( ), but only Level 3 seems to be doing anything about blocking them. Even though they'll never be able to block all the attacks, the backbone providers could at least slow them down.

Comment Interesting drop off of attacks from China today.. (Score 4, Interesting) 108

For what it's worth, shows a significant drop off of attacks from China yesterday (Thursday) and today (Friday). FYI: Longtail is an ssh brute force analysis program with 11 ssh honeypots live today. I've been getting almost 300,000 attempts per day, but only got about 75,000 yesterday, and 88,000 (so far) today.

Comment Hackers love admin accounts (Score 1) 52

I have an ssh honeypot analyzer at at Marist College and it shows that the second most popular account after root is "admin", and that the most common account/password tried is ubnt/ubnt.

Anybody who's been paying attention knows that default passwords on home routers are high on the bad guy's list of accounts to hack.

Submission + - LongTail@Marist shows sshPsycho SSH attackers moving to new IP addresses

CSG_SurferDude writes: LongTail Log Analyzer shows that as of May 4th, 2015, sshPsycho (also known as Hee Thai attackers or Group 93) have stopped attacking from their primary subnets. Their last recorded attack was at 12:06:11 AM, EST. This is most likely due to the efforts of Cisco and Level 3. Other traffic has shown a significant increase in activity that in many cases can be related to known ssh attack patterns that sshPsycho used from their primary class C networks. With over 5 million attempts recorded and over 20 thousand "Attack Patterns" recorded and analyzed, LongTail is able to show that they have picked up their toys and are now looking for a new playground to play in.

The LongTail SSH Honeypot AND the analysis tools are released under GPLV2 and are available for BETA testing at GitHub

Submission + - LongTail shows sshPsycho causes 80% of SSH Brute Force attacks

CSG_SurferDude writes: Marist College in Poughkeepsie, New York, as part of their interest in computer and network security, is now hosting LongTail, an ssh brute force attack analyzer. In addition to the standard "What passwords were tried", LongTail also analyzes and compares "Attack Patterns". With over 4 million attacks recorded so far, and over 17 thousand "Attack Patterns" recorded and analyzed, it appears that Cisco and Level 3's recent announcement about sshPsycho (also known as "Group 93") has done nothing to stop their brutal attacks. SshPsycho has control and strong influence over more hosts than are covered by Cisco's announcement. Possibly best of all, the SSH Honeypot AND the analysis tools are released under GPLV2 and are available for BETA testing at GitHub

Comment Re:Use the bug to patch the bug (Score 1) 236

A) It should only update bash

B) Also run yum -y update bash

C) This has been discussed for years, and the general consensus has always been it's better to not patch their systems (although I disagree with that. If you left your system open, you're just asking for somebody else to patch it for you, IMHO)
