Posts by Chris Stephens

Uhhhhh.... DARPA funded.. Ummmm... Didn't they already sell their soul ?

https://www.darpa.mil/about-us/timeline/debut-atlas-robot

Apple still has Google beat with its zero key keyboard

https://www.youtube.com/watch?v=9BnLbv6QYcA

I know exactly what happened..

Great video Comcast has this issue. They were working on fixing it this week. https://media.ccc.de/v/32c3-7133-beyond_your_cable_modem

Posted to FullDisclosure.

> -------- Forwarded Message --------

> Subject: Serious DOCSIS maintenance network issue

> Date: Sat, 23 Oct 2021 21:09:16 -0700

> From: Admin <admin@badmodems.com>

> To: xxxx@cablelabs.com, xxxx@cablelabs.com, xxx@cablelabs.com, xxx@cablelabs.com, xxx@cablelabs.com

>

>

>

> Hi all..

>

> You guys hate me First it was Puma and the badmodems.com list and now this..

>

> I am sorry to directly email you. No need to respond. Its OK, I understand its a legal thing. I wont email again. Sorry for this hassle. Sorry for a long read.

>

> There appears to be a very serious gap in your security best practices and policies that could result in a very widespread serious incident that could effect all DOCSIS systems worldwide and result in a worldwide incident.

>

> This appears to be from MSOs deploying horrendously bad security on the maintenance network.

>

> The issues are being discussed publicly. This thread begins with discussion of firmware and then turns to the maintenance network which appears to have little if any security implemented possibly because there is no modern published best practices for the maintenance network beyond something from the 1990's. https://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion~start=9780

>

> The maintenance network, which controls all the devices on a DOCSIS network, is susceptible to attack. In fact its nearly criminally negligent in its lack of security and appears to be based on 1990's security protocols of mostly security thru obscurity. .. A subscriber on the LAN side can determine his address on the maintenance network and can ping ANY CPE on the network as long as they are on the same ISP. The CPE are not walled off from each other in any way. This could result in a VAST compromise of the entire MSO network nationwide from a 0-day worm that self spreads via the wide open maintenance network connecting all devices. . . ALL susceptible devices on your network, 10's of millions, could be taken over in hours with a self spreading worm with a nearly impossible task of clean up and maybe a week of complete ISP downtime. This would also result in the largest loss of subscribers in history for cable as people flee to DSL and 5G that day trying to get internet. You would need new firmware for every device that addresses the issue, and getting new firmware will take weeks. All the susceptible CPE might be bricked with no hope of recovery once taken over. The current security practices are inadequacy. The news coverage would be devastating. Each modem/router could attack the subscriber side and scrape data and files. On the ISP side it would lock out all maintenance access and recovery of the devices, and the whole network, nearly impossible. It would setup a serious botnet - possibly the largest ever created when combined with the other top world wide ISPs. It might even result in a Ransom ware attack on a massive scale with all the CPE locked out from the ISP. A silent malware could spread stealthy and then sit on CPE and attack the subscribers quietly by doing fake DNS and even MiM attacks. This could already be the case. A botnet of CPE would be incredibly powerful

>

> This wide open gap appears to exist in most ISPs. So it is a CableLabs lack of proper security vision to keep up with modern threats by doing best practices for the maintenance network seems to be the main issue. 10G offers micronets and SDN containment of LAN devices,,, yet the ISP has nothing like it to protect its own network and its subscribers.

>

> Each ISP will need to do a 3rd party security audit and pentest of all the MSO's maintenance networks and secure them. The kinda emergency level, possible fairly easy temp fix is simple. Isolate each piece of CPE. Right now all CPE can see each other and spread worms. Simply doing a config change could wall off each device with NO downside. This might be able to be implemented maybe in a day. This alone would reduce the issue to nearly zero. BLocking access to the maintenance network from the subscriber is also key and most likely easy. MSOs REALLY need to do this and because these discussions are going on now, badguys could be reading, so RIGHT NOW is the time to secure MSO networks BEFORE a incident occurs.

>

> There may be simple quick solutions to avoid this doomsday scenario.. Make sure you read up to the current postings. https://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion~start=9780

>

> I will be following up to be sure you got this message.

>

> You can contact me for any further details or respond to this email.

>

> I am the guy who found the Puma issue. So you guys know I can be persistent and noisy. I would really like to hear that CableLabs is going to pursue a whole new approach to device security on the maintenance network including RAPID firmware deployment. EVERYBODY wins..

>

> Sorry for blasting the email. Sorry to start your monday kinda ruff. Think of it as a cool new feature.

>

> I have contacted all the top 10 MSOs and sent reports to the security teams. They are the guys who made this mess, but, they need a good best practice to follow and that does not seem to be there.

>

> Gone are the days of junk boxes with poor CPUs. MSOs are dropping POWERFUL devices with lots of RAM and Flash. They run Microsoft or Linux. They are connected to a massive bandwidth pipe. It looks possible to take over whole ISPs. These are prime targets no one has noticed yet apparently. Gone are the days of old.. These are high value targets and a bot net of incredible scale... Its time for a top down new approach to firmware and device security..

>

> Of course none of my doomsday scenarios most likely will ever happen.. And most likely everything is fine.. BUT MSO's can't just keep these maintenance networks so 1990s sloppy.

>

> IMHO..

>

> xxxxxx xxxxxxxxxx

>

>

>

I guess its good they don't know about this newly identified issue at all DOCSIS cable co's. It starts with discussions and then a MSO insider lets loose about the "maintence network connects EVERY device on the DOCSIS network and has no security. Its like a 16 million port switch tied to the LAN side. Modems are handing with SAMBA access... FIrmware is security from the 1990s'. All DOCSIS networks worldwide are WIDE OPEN to attack.. So now we just wait for a MSO to have all its CPE taken over and ransomware is called into action with 16 million set top box computers fully taken over by a worm in a hour and now scraping the clients networks for data and attacking the MSO. https://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion~start=9780

W T F,... This is so ADS CANT BE BLOCKED.. Right now you can DNS block ad sites. No longer with this tech. This tech is to make it impossible to block ads.. From the largest ad maker.... Why is that not in the story ?

The actual building https://www.google.com/maps/@51.5285632,-0.0779571,3a,75y,239.55h,93.84t/data=!3m6!1e1!3m4!1stJi4k469pMeiFN5shLCtDQ!2e0!7i16384!8i8192 The tattoo parlor referenced.. http://www.shalladoretattoo.com/contact

Nice story

As one of the people who found these issues and has worked tirelessly on this issue I really appreciate El Reg doing such a good job covering this. It has helped put pressure on Intel/ISPs/Modem vendors to get this all resolved.. The real issue is that firmware can ONLY be updated by the ISP. This 1970's era rule needs to go away and CPE needs to be able to be updated by users as well, like cell phones can be updated. PLUS of course Intel needs to completly redesign its "connected home" modem chip from the ground up. I operate a web site with a list of the modems effected.. http://www.badmodems.com/

I want one, but, I prefer Windows 7 for a bunch of reasons. Do any of these CPUs support Windows 7 ?

Imagine a class on this language. The teacher would be hilarious. The curriculum would be awesome. The discussions would be just awesome.. "Well if you lick johns balls here, you have to lick his cock too" Oh man... What a class.. I wonder if I could get certified in the language ?

Im so happy its this judge :) We have put a lot of effort into this over the last 8 months at DSLReports. Ive worked hard for this. Whats scary is the DoS https://www.theregister.co.uk/2017/04/27/intel_puma6_chipset_trivial_to_dos/ its completely unpatched and the exploit code is so easy grandma could do it. https://github.com/nallar/Puma6Fail/releases and 2 months after Intel Product security acknolodged the issue we still dont have a CVE despite its agreed to HIGH rating. No alerts from anyone. Ive never seen a public 0-day that effects millions with public trival code published that has no alerts after 2 months. Also the ISP/MSO hardware cant mitigate / block the exploit because of its streaming nature. So once a attack is started the modem stays offline until the IP is changed.

I rewrote the Cisco press release..

______________________________________

Cisco strives to deliver technologies and services that work. However recently, Cisco became aware that Intel planted a timed obsolescence feature into its Atom 2000 that affects a large number of expensive Cisco products. In all units, we have seen the Intel Atom CPU degrade over time. Although the Cisco products with this Intel CPU are currently performing normally, we expect product failures to increase over the years as Intel built this in to sell more chips, beginning after the unit has been in operation for approximately 18 months. Once the Intel Atom has timed out, the system will become a brick, will not boot, and is not recoverable. This requires the end user to buy a new product. The Intel Atom is also used by a huge number of other vendors on a large number of products.

We have identified all Cisco products that have Intel Inside and tried to work with Intel to quickly get a chip that works however they keep asking us to provide examples of the failure. All products shipping currently do not have this issue as far as we know. To support our customers and partners, Cisco will flog Intel and recall all units under warranty or covered by any valid services contract dated as of November 16, 2016, which have Intel Inside and shove them up Intel's ass. Due to the age-based nature of the failure and the crap ton of replacements, not to mention the cost, we will be prioritizing orders based on the products’ time in operation.

Q: When did you become aware of this issue?

Cisco learned about the timed failure and potential customer impacts due to this feature in late November 2016. Cisco and Intel have been working as quickly as possible to hide the impact and scope of the issue, create and test PR releases, and put in place a plan to hide Intel from lawyers without causing undue panic or effect Intel's stock price.

OMG Richard, Your my hero.. Keep these stories coming. Our only hope is the press making light of this Shit. I do want to point out tho that this same issue of poor coding, crappy foresight and asinine product planning is preset to some degree in almost every consumer device today. If its destined for a consumer, there is zero doubt its got serious security bugs that allow the device to be taken over. As just one example, BluRay players all have some old horribly outdated and never updated Java in them. https://en.wikipedia.org/wiki/BD-J

We need to not only address the IoS we need to address ALL of consumer electronics.

A UL for software needs to occur. We need to give software the same legal status as hardware and allow software companies to be sued. No more 50 page disclaimers. Software needs the same legal status as any hardware device, like a car.

https://en.wikipedia.org/wiki/List_of_software_bugs

You block this at the firewall. BUT you have to block all of microsoft and its other domains and never get updates again. I use Deep Freeze and a reboot cures all.

The NSA hackers wrote Win 10. And its naggy ware. Rest assured.. http://money.cnn.com/2015/02/17/technology/security/malware-nsa/

I have downloaded all the patches every issued for Win 7 up till the patches mentioned. I then install WIn 7 and use discs to update it. The reason is one day they will not support Win 7 anymore and I will want to still install and update it. So after a virgin install up to this point I Deep Freeze. Thats how im going to run for years to come. Im just never going to update or go to win 10. Ever. Even if i have to reinstall Wn 7 often. I will just make a image.

**ck Windows 10 and the NSA who are behind it.

Its not malware like, its the same guys who wrote

The very best performance vid for pong ever.

https://www.youtube.com/watch?v=_2Ck11LMuFc

All all humanites knowdge on one system

I can put 14 Hard discs in my computer the way its configured now. So I could have 56,000 GB..

Lets see... Thats ruffly 12,400 movies.. Its only 14 million MP3 songs..

Maybe its possible to have every piece of music ever written on one computer ?

I could buy a small rack enclosure about the size of a night stand and get 32 drives into it PLUS whats in my computer.

At that point I believe I could store the entire worlds total produced movies and music pretty easy with more then enough room for every printed book/magazine/paper..

Thats all with technology available right now.

You know soon it might be possible to get every bit of humanities total produced, everything, on one system pretty easy...

Wow all of mans knowledge collected in one place... Easily... Thats where the future is going. Looks like one day we will have EVERYTHING on a hand held device.

Kinda makes the value of the content pretty minimal when you can just buy EVERYTHING KNOWN TO MAN on one device. I could see that happening.

actual report cited in story

The report cited in the story

http://lsag.web.cern.ch/lsag/LSAG-Report.pdf

PET Game emulator

There are PET game emulators out there. Even one that runs on a xbox.

RE: Mozilla site 100% SSL

I personally think all web sites should just adopt SSL as how they work default for as much of the site as possible and practical,,, unlike now where its used for the smallest amount of time possible.

Lets not even discuss email being so non-secure while there are complete solutions already in place in all the client and server products currently in use.

The use of encryption and real authentication is WAY OVERDUE.

The tools for complete end to end encryption are available now. From a completely encrypted hard disc to SSL browsing & SSL email transmission. These require almost zero client awareness. Server to server SSL is available in Sendmail and Microsoft products.

If bandwidth is such a huge issue then use a low grade. Its still better then none at all. Change to a high grade on critical items.

Come on IT professionals, protect the clients and users.

AMX hardware has become self aware

The company mentioned makes corporate automation hardware with powerful computing engines which run a dedicated OS with god knows what in them.

http://www.amx.com/products/categoryNetLinxControllers.asp

They obviously all linked up and became self aware.

In fact this a important fact for the ROTM guru's i feel.

:)