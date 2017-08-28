Someone Published a List of Telnet Credentials For Thousands of IoT Devices (bleepingcomputer.com) 28
An anonymous reader writes: A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons. The list includes an IP address, device username, and a password, and is mainly made up of default device credentials in the form of "admin:admin", "root:root", and other formats. There are 33,138 entries on the list, which recently became viral on Twitter after several high-profile security experts retweeted a link to it. During the past week, a security researcher has been working to find affected devices and notify owners or their ISPs. Following his work, only 2,174 devices still allow an attacker to log on via its Telnet port, and 1,775 of the published credentials still work. "There are devices on the list of which I never heard of," the researcher said, "and that makes the identification process much slower."
I almost always turn to google when trying to remember WTF the default settings are on a newly reset device like routers, modems, etc.
This would be something to blame on the people if they
a) knew the device used telnet
b) knew what telnet is
c) knew the device can be reached at all
If you want to throw dirt at someone, throw it at the assholes selling this garbage.
Yeah, I knew all those. It was my honeypot, you insensitive clod!
If you look in the right webpages, they'll tell you how to set up your personal data server, so you can access all your videos and documents from anywhere in the world without having to need a username or password to log in.
There's plenty of blame to go around. Shareholders, developers, their managers, the users... why shouldn't everyone share? Assign guilt to everyone involved by the amount of profit gained.
*slow clap*
Want me to sell you one that still gives me all the info I want about your lan?
Let me know when you get over ten million. Those IoT jobs have _tiny_ processors so your botnet has to have a whole lot of them to make it worth the hassle.
It doesn't take much processor speed to be an effective botnet bot. The limit is the network bandwidth, which can generally be saturated with little crunch.
Also: A "small processor" by today's standards is blazingly fast compared to those of even just a few years back. Typical IoT devices have plenty of processor speed, necessary to handle their netwo
I count 6 logins as even trying.
I saw a different list than is been seen now, it has been updated and the following is what I read
Any FBI / CIA / NSA logins? with there names as the login