Joe Greco wrote:
No, really, how bad an idea can it be to have a central database and
a system that's allowed to remotely log in, configure, and update
thousands of Internet-connected CPE? I mean, talk about making an
attractive target.
No argument against the lack of wisdom regarding this cisco thing, but...
As a botnet operator in the business of making money (and thus relying
on the availability of your botnets) why go through the bother of
compromising such system and creating a botnet (which will be rather
quickly fixed once the breach is noticed) when you can do it easily
enough sending out a simple email with the proper binary code attached,
relying on the PEBKAC paradigm. ;-)
This method has been proven to be very effective, considering many 100s
of millions of zombie computers exist.
Greetings,
Jeroen
--
Earthquake Magnitude: 4.6
Date: Wednesday, July 11, 2012 10:54:36 UTC
Location: near the east coast of Honshu, Japan
Latitude: 35.9986; Longitude: 140.9388
Depth: 27.40 km
