Bimmerpost for iPhone and Android have just been updated with a host of bug fixes. If you've ever had trouble logging into it in the past, give it a try now!

  E90Post
 


ECS BMW
 
BMW 3-Series (E90 E92) Forum > BIMMERPOST Universal Forums > Off-Topic Discussions Board > Politics/Religion > DDoS Attack



Reply
 
Thread Tools Search this Thread
      10-22-2016, 08:42 AM   #23
MKSixer
Brigadier General
6031
Rep
3,932
Posts

Drives: 2015 BMW i8, E63 M6, 328d
Join Date: Jun 2015
Location: Southeast United States

iTrader: (0)

Garage List
2016 M4 GTS (Allotted)  [0.00]
2013 BMW 328d  [0.00]
2007 BMW M6  [5.00]
2015 BMW i8  [5.00]
Quote:
Originally Posted by jgoens View Post
As long as it doesn't affect Bimmerpost OT than everything is fine.
FTFY...get your priorities right.
__________________
Quote:
Originally Posted by jtodd_fl View Post
Hell, I get random sausage attacks when I go anywhere.

@[Nyet. Not Russian Hacker](contact:368080)
Ask me hacker question. Hacker question I get answer.
Appreciate 1
jgoens2554

      10-22-2016, 08:44 AM   #24
zx10guy
Lieutenant Colonel
1103
Rep
1,501
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by Greyfox View Post
Well, the news this morning it is being reported that hackers basically infected and took control of web enabled appliances (baby monitors, dvr's, refrigerators, etc) and turned them into a major bot net.

I remember a conversation/discussion with a group several years ago when appliance manufacturers started putting network capable devices in their products of when this was going to happen. Our group was divided between whether someone would start crippling the devices causing issues for people or figure out how to create a botnet. Guess we know now.
While we're on the topic of IT security, I stumbled on something a certain device connected on my home network was doing. At time, I had a Xerox Phaser 8560MFP/D printer. For some reason, every 15 minutes, the printer would wake up from its sleep mode. Well, this was annoying as anyone who knows about these printer types, when the printer wakes up, it goes through its heating cycle to prep the solid ink sticks. This constant wake cycle was causing my printer to use up the solid ink sticks unnecessarily.

Well, I got annoyed enough to slap on a hub between the printer and my switch and through on my laptop with Wireshark loaded on it. I did some packet captures and examined the collected data. To my surprise, I saw that my DirecTV DVR somehow scanned that network segment and found that my printer was there and had a web server. I saw HTTP GET queries from the DVR to my printer. I didn't bother trying to figure out what more the DVR was doing and isolated the DVR (now DVRs) on their own VLAN segment with a firewall in front preventing the DVRs from routing to any other part of my network except to the Internet.
Appreciate 0
      10-22-2016, 08:59 AM   #25
Greyfox
Colonel
Greyfox's Avatar
United_States
681
Rep
2,305
Posts

Drives: 2007 328xi E91
Join Date: Feb 2014
Location: USA

iTrader: (2)

Quote:
Originally Posted by zx10guy View Post
While we're on the topic of IT security, I stumbled on something a certain device connected on my home network was doing. At time, I had a Xerox Phaser 8560MFP/D printer. For some reason, every 15 minutes, the printer would wake up from its sleep mode. Well, this was annoying as anyone who knows about these printer types, when the printer wakes up, it goes through its heating cycle to prep the solid ink sticks. This constant wake cycle was causing my printer to use up the solid ink sticks unnecessarily.

Well, I got annoyed enough to slap on a hub between the printer and my switch and through on my laptop with Wireshark loaded on it. I did some packet captures and examined the collected data. To my surprise, I saw that my DirecTV DVR somehow scanned that network segment and found that my printer was there and had a web server. I saw HTTP GET queries from the DVR to my printer. I didn't bother trying to figure out what more the DVR was doing and isolated the DVR (now DVRs) on their own VLAN segment with a firewall in front preventing the DVRs from routing to any other part of my network except to the Internet.
But, how many of the general public would / could understand what was happening on a typical network?

This is my problem with it all. Manufacturers in the pursuit of monetary gain create these devices with disregard to what is even remotely considered securing the devices. It's not hard to program the setup on the device to force a person to change the password the first time you access it.
Appreciate 1
      10-22-2016, 09:07 AM   #26
zx10guy
Lieutenant Colonel
1103
Rep
1,501
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by Greyfox View Post
But, how many of the general public would / could understand what was happening on a typical network?

This is my problem with it all. Manufacturers in the pursuit of monetary gain create these devices with disregard to what is even remotely considered securing the devices. It's not hard to program the setup on the device to force a person to change the password the first time you access it.
No dispute there. The problem is two fold in my mind. People want easy. Security at its core is not easy. And you're right, manufacturer's place monetary gain (as is their very nature) as their primary goal. If manufacturer's place more stringent security requirements on their devices, their looking at losing out to the competition as users will flock to other devices which doesn't create that user experience hurdle. The other aspect is the manufacturer has to spend more on their customer/tech support as they'll undoubtedly get an increased amount of support calls.

I don't see this getting any better unless there's a national security standard by which consumer devices need to measure up to. The same that happens in medical with HIPAA, in financial transactions with PCI, and in Federal with FIPS 140-2/Common Criteria/UC-APL/etc.
Appreciate 0
      10-22-2016, 09:32 AM   #27
bdkinnh
Private First Class
47
Rep
134
Posts

Drives: 2017 M4
Join Date: Sep 2006
Location: Southern NH

iTrader: (1)

Quote:
Originally Posted by zx10guy View Post
No dispute there. The problem is two fold in my mind. People want easy. Security at its core is not easy. And you're right, manufacturer's place monetary gain (as is their very nature) as their primary goal. If manufacturer's place more stringent security requirements on their devices, their looking at losing out to the competition as users will flock to other devices which doesn't create that user experience hurdle. The other aspect is the manufacturer has to spend more on their customer/tech support as they'll undoubtedly get an increased amount of support calls.

I don't see this getting any better unless there's a national security standard by which consumer devices need to measure up to. The same that happens in medical with HIPAA, in financial transactions with PCI, and in Federal with FIPS 140-2/Common Criteria/UC-APL/etc.
Agree completely. People want devices to be easy and secure, but those two things don't go together. Something like this was inevitable, and will happen again. It isn't going to change until something serious happens, and a DDoS attack that only lasts one day isn't going to come close to motivating people to demand more regulation.

I had the same experience as you, but in my case it was security cameras. I noticed the FPS drop so I used Wireshark to find out they were trying to hit a Chinese IP address 100 times a second. I already had them on their own network so I wasn't flooding my main one, so they weren't successful, but still a pain in the ass to have to clean up.

Even if there were an easy way for people to monitor their own networks, most people wouldn't do it because information without the knowledge of how to use it isn't much help. A descent managed switch is easy enough to buy, but can you imagine how difficult it would be to teach someone how to use it that doesn't really want to know? Or even more difficult, trying to teach a non-technical person how to navigate Wireshark's (horrible) interface and (awesome) filters?

I already spend enough time as tech support for friends and family.
Appreciate 0
      10-22-2016, 10:00 AM   #28
Greyfox
Colonel
Greyfox's Avatar
United_States
681
Rep
2,305
Posts

Drives: 2007 328xi E91
Join Date: Feb 2014
Location: USA

iTrader: (2)

In some ways I do disagree that securing a device is hard. It just takes intelligence to design it into the system.

Yes, it takes a bit more by whomever is creating the system, but the manufacturer could turn that into a selling point that they go to the extra effort to protect the consumer.
Appreciate 0
      10-22-2016, 10:10 AM   #29
MKSixer
Brigadier General
6031
Rep
3,932
Posts

Drives: 2015 BMW i8, E63 M6, 328d
Join Date: Jun 2015
Location: Southeast United States

iTrader: (0)

Garage List
2016 M4 GTS (Allotted)  [0.00]
2013 BMW 328d  [0.00]
2007 BMW M6  [5.00]
2015 BMW i8  [5.00]
Quote:
Originally Posted by Greyfox View Post
In some ways I do disagree that securing a device is hard. It just takes intelligence to design it into the system.

Yes, it takes a bit more by whomever is creating the system, but the manufacturer could turn that into a selling point that they go to the extra effort to protect the consumer.
100% correct.

This would resonate with consumers. Like many of us, I'm tech support for my family and it would be really great is a little more intelligence went into the design to make it easier for the end-user. I'd pay up to 25% more for a highly secure system that was easier to implement.
__________________
Quote:
Originally Posted by jtodd_fl View Post
Hell, I get random sausage attacks when I go anywhere.

@[Nyet. Not Russian Hacker](contact:368080)
Ask me hacker question. Hacker question I get answer.
Appreciate 0
      10-22-2016, 10:29 AM   #30
1MOREMOD
2016 Track Days - 3| Ridge 1:52:24|Pacific 1:33:30
1MOREMOD's Avatar
United_States
5131
Rep
18,598
Posts

Drives: Race car->
Join Date: Mar 2009
Location: check your mirrors

iTrader: (5)

Quote:
Originally Posted by Zugzwang View Post
Looking forward to a wiki leak three days before the election that shows the time and date and location of these attacks coming from Hillary's camp.
Won't help she could shoot a toddler in the face on stage and deny and lie out of it.
Appreciate 1
      10-22-2016, 11:05 AM   #31
Haywood
I know a thing or 2 about a thing or 2...
Haywood's Avatar
United_States
1214
Rep
2,436
Posts

Drives: E36, 650i
Join Date: Oct 2008
Location: Fairfax, VA/LI, NY

iTrader: (11)

Garage List
2014 BMW 650i  [0.00]
1997 BMW e36 M3  [0.00]
Quote:
Originally Posted by 1MOREMOD View Post
Won't help she could shoot a toddler in the face on stage and deny and lie out of it.
And the Clinton News Network and MSNBC would ignore it and instead run a story about how Trump called a woman a "broad".
__________________
2014 Carbon Black 650i M-sport
1997 Alpine White e36 M3 (the old gal)
2013 Mineral White e92 M3 (sold )
Appreciate 0
      10-22-2016, 11:06 AM   #32
MightyMouseTech
Brigadier General
MightyMouseTech's Avatar
1950
Rep
4,591
Posts

Drives: 13 135i 6MT LeMans Blue MSport
Join Date: Feb 2013
Location: Ottawa, Canada

iTrader: (0)

Quote:
Originally Posted by 1MOREMOD View Post
Won't help she could shoot a toddler in the face on stage and still win
Fixed.
Appreciate 1
      10-22-2016, 12:09 PM   #33
bdkinnh
Private First Class
47
Rep
134
Posts

Drives: 2017 M4
Join Date: Sep 2006
Location: Southern NH

iTrader: (1)

Quote:
Originally Posted by MKSixer View Post
100% correct.

This would resonate with consumers. Like many of us, I'm tech support for my family and it would be really great is a little more intelligence went into the design to make it easier for the end-user. I'd pay up to 25% more for a highly secure system that was easier to implement.
We'd be willing to pay more because we know what we'd be paying for, and would be able to judge what is and isn't secure. Most people wouldn't be able to comparison shop and would buy on price.

If you increase WPA from 256 to 512, are you really twice as secure as before? On paper, sure - but in reality, no. The manufacturer would still be able to slap the "Now with more security!" label on the box and people that don't know any better would believe that they are better off.

People want change, but they don't want to change. Many people believe that forcing passwords to have a capital letter and number in their password is more secure, while XKCD has proven otherwise.

I doubt that the majority of people have enabled two-factor authentication if it was available, because it was 'just too much hassle'. Faced with that, and a demand that people have washing machines that can send e-mails as long as it doesn't cost more than the competition, I really can't blame the manufacturers.

Dissatisfaction is the impetus for change. Until enough people are dissatisfied, things aren't going to change.
Appreciate 1
      10-22-2016, 01:52 PM   #34
MKSixer
Brigadier General
6031
Rep
3,932
Posts

Drives: 2015 BMW i8, E63 M6, 328d
Join Date: Jun 2015
Location: Southeast United States

iTrader: (0)

Garage List
2016 M4 GTS (Allotted)  [0.00]
2013 BMW 328d  [0.00]
2007 BMW M6  [5.00]
2015 BMW i8  [5.00]
Quote:
Originally Posted by bdkinnh View Post
We'd be willing to pay more because we know what we'd be paying for, and would be able to judge what is and isn't secure. Most people wouldn't be able to comparison shop and would buy on price.

If you increase WPA from 256 to 512, are you really twice as secure as before? On paper, sure - but in reality, no. The manufacturer would still be able to slap the "Now with more security!" label on the box and people that don't know any better would believe that they are better off.

People want change, but they don't want to change. Many people believe that forcing passwords to have a capital letter and number in their password is more secure, while XKCD has proven otherwise.

I doubt that the majority of people have enabled two-factor authentication if it was available, because it was 'just too much hassle'. Faced with that, and a demand that people have washing machines that can send e-mails as long as it doesn't cost more than the competition, I really can't blame the manufacturers.

Dissatisfaction is the impetus for change. Until enough people are dissatisfied, things aren't going to change.
Sadly, this is true. Unless the market demands it, there will be no change from the status quo.
__________________
Quote:
Originally Posted by jtodd_fl View Post
Hell, I get random sausage attacks when I go anywhere.

@[Nyet. Not Russian Hacker](contact:368080)
Ask me hacker question. Hacker question I get answer.
Appreciate 0
Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -4. The time now is 02:13 PM.




e90post
Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST