| Rich Freeman on 29 Nov 2018 09:32:18 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Hackers are opening SMB ports on routers so they can infect PCs with NSA malware |
On Thu, Nov 29, 2018 at 12:18 PM jeff <jeffv@op.net> wrote: > > On 11/29/18 12:02 PM, Michael Leone wrote: > > Is UPnP routinely turned on, when you buy a new router? I didn't think > > it was. Which means you, or something on your LAN, turned it on, in the > > first place ... > > > > Same with the AWS buckets. Closed by default, so the people who > purposely open them have the enemy in-house (from my reading). It's > Shodan at the IT Corral. I imagine that client tool settings may be an issue here. I discovered a bucket with a public ACL earlier this week. Fortunately everything in it was encrypted anyway (I don't trust Amazon with my data, let alone the world), so it wasn't really a big deal, but if somebody figured out a working URL they could have run up a bill. I suspect that s3cmd may have set the wrong ACL at some point, or maybe I was just careless setting up the bucket. The bucket is quite old so I'm sure it has been through a few rounds of defaults. In the case of AWS you can set a bucket-level setting that overrides all ACLs inside to block public access, so at most you can grant access to named users. -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug