These are the first passwords that hackers use to attempt to attack your device

More evidence that using weak or default passwords is a bad idea: they really are the first thing hackers try when attempting to get into a device.

Security company F-Secure runs a set of honeypot, or decoy, servers set up in countries around the world to detect patterns in cyberattacks. The vast majority of the traffic to these servers is the result of their being discovered during internet scans by hackers looking for devices that can be accessed.

The company said that traffic to these honeypots increased significantly in the second half of last year. It said the rise in “attack traffic” reflects the growing number of threats to Internet of Things (IoT) devices.

“Honeypot traffic was driven by activity targeting the SMB and Telnet protocols, which points to continued attacker interest in the Eternal Blue vulnerability as well as many infected IoT devices.”

According to its data, SMB port 445 was the most targeted port during the reporting period, which indicates that attackers remain interested in using SMB worms and exploits such as Eternal Blue, as in the case of Trickbot. Telnet was also a common target, probably as part of attacks on IoT devices. The same applies to SSH probes on port 22, which provides secure remote access and is usually associated with full administrator access.

Once a potentially vulnerable device has been discovered, attackers will next try to gain access to it.

According to F-Secure, the “ever-present” top choice for hackers was “admin”, a password that really should not be used for any device, especially for a device that is not connected to the internet. Other bad passwords on the list are ‘12345’, ‘default’, ‘password’ and ‘root’. Last year the UK’s National Cyber Security Centre (NCSC) said that the only slightly more complicated “123456” had been found 23 million times in breaches.

The passwords hackers try also reflect the kinds of devices they are currently targeting, F-Secure said: the passwords on the list were the factory defaults for digital video recorders and embedded devices such as routers.

“Brute forcing factory default usernames and passwords of IoT devices remains an effective method for recruiting these devices into botnets that can be used in DDoS attacks.”

Recently, the United Kingdom set out guidelines recommending that all passwords for consumer internet-connected devices be unique and not resettable to a universal factory default.
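The kind of honeypot tally the article describes, as an added example that is not F-Secure's code or part of the original article: it ranks probed ports and attempted passwords and flags sources that cycle through several factory defaults. The JSON-lines record format, field names and sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Passwords the article names as the first ones attackers try.
DEFAULT_PASSWORDS = {"admin", "12345", "default", "password", "root"}
# Ports the article discusses (SMB probes carry no password guess here).
PORT_NAMES = {22: "ssh", 23: "telnet", 445: "smb"}

# Constructed sample in a hypothetical JSON-lines format (an assumption,
# not F-Secure's log format); addresses come from documentation ranges.
SAMPLE_LOG = """\
{"src": "198.51.100.7", "port": 23, "user": "root", "password": "admin"}
{"src": "198.51.100.7", "port": 23, "user": "admin", "password": "12345"}
{"src": "198.51.100.7", "port": 23, "user": "admin", "password": "default"}
{"src": "203.0.113.20", "port": 22, "user": "root", "password": "root"}
{"src": "203.0.113.20", "port": 22, "user": "root", "password": "admin"}
{"src": "192.0.2.99", "port": 22, "user": "deploy", "password": "Xk9!tq2#"}
{"src": "192.0.2.44", "port": 445, "user": null, "password": null}
{"src": "192.0.2.45", "port": 445, "user": null, "password": null}
{"src": "192.0.2.46", "port": 445, "user": null, "password": null}
{"src": "192.0.2.47", "port": 445, "user": null, "password": null}
not-json garbage line
"""

def summarize(log_text, min_defaults=2):
    """Rank ports and passwords; list sources trying >= min_defaults defaults."""
    ports, passwords = Counter(), Counter()
    defaults_by_src = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            src, port = rec["src"], int(rec["port"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it and keep going
            continue
        ports[PORT_NAMES.get(port, str(port))] += 1
        pw = rec.get("password")
        if isinstance(pw, str):
            passwords[pw] += 1
            if pw.lower() in DEFAULT_PASSWORDS:
                defaults_by_src[src].add(pw.lower())
    # A source cycling through distinct defaults looks like a credential sweep.
    sweepers = sorted(s for s, p in defaults_by_src.items() if len(p) >= min_defaults)
    return {"ports": ports.most_common(), "passwords": passwords.most_common(3),
            "default_sweepers": sweepers, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
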

Pixel 4a photo leaks indicate a simple budget phone

Those first rumors about the Pixel 4a might just have some weight. Photo leaks on Twitter and Reddit seem to show Google’s next budget phone in the wild, and seem to confirm the previous claims. The worn prototype 4a in the images apparently drops the facial recognition and dual cameras of the normal Pixel 4 in favor of a more conventional fingerprint reader and a single rear camera. There is a pinhole camera for selfies in the front, and Google keeps the headphone jack for those who can’t justify Bluetooth headphones.

Snapshots do not show much more about what is in the phone, although an available memory log suggests that you should still be satisfied with 64 GB of non-expandable memory. A 5.7 or 5.8-inch screen is expected to be equipped with a medium-sized Snapdragon processor (probably 600 or 700 series) to keep costs low and extend battery life.

It is not certain when the Pixel 4a could arrive, especially given the coronavirus outbreak, which affects the production of many companies. Now that I/O is canceled, Google is certainly not tied to a specific launch window. However, it is hard to imagine that Google will wait a long time. The Pixel 3a served not only as an entry point for the Google smartphone line, but also as a way to keep the series fresh and in the spotlight while the main Pixel was still in the middle of its cycle.


Jonathan Kraft makes an unpleasant compliment to Bill Belichick: “Machine Learning”

BOSTON, Mass. – Soccer is not exactly known for being a leader in the world of sports analytics, but Patriots President Jonathan Kraft says that Bill Belichick’s own melancholic looks and short answers are behind the version of “machine learning” of the coach.

“I think if you want to use a soccer coach like Bill Belichick, who has been a soccer coach for 40 years, you may not call him data, but he has a steel trap in his head,” Kraft told the Sloan Sports Analytics Conference on Friday. “Every instance of everything you’ve seen: it won’t call it data and it won’t call it machine learning, but its brain is a machine and it’s machine learning. So you can call it old-school training – Bill probably wouldn’t call it machine learning, but that is exactly.”

Last season, Belichick, 67, told reporters that the analysis was not his “thing”, and that he puts “less than zero” emphasis on decision making.

“You can use these advanced websites wherever you want,” Belichick said in 2016. “I don’t know. I have no idea that I’ve never seen one. I don’t even want to look at one. I don’t care what they say … All metric pages and all that, I mean, I have no idea. You should ask a coach smarter than me.”

The annual Sloan conference, organized by the Massachusetts Institute of Technology, discusses advances and problems in the sports analysis industry. Kraft spoke with Commissioner Don Garber in a panel discussion about the success story of Major League Soccer.

Regardless of whether Belichick actively uses advanced analysis or not, Kraft emphasized that it would be silly to completely ignore the progress of the industry.

“I think the data should be part of the decision-making aids in everything you do,” Kraft said. “If you’re not ready to understand what’s out there, put your team at a competitive disadvantage.”

Jonathan Kraft is co-owner of the New England Revolution of MLS with his father Robert Kraft, who also attended the annual sports technology summit here. The younger Kraft talked about the differences in the way the two sports use the data.

“On the football side of the house, the data is not used as often [as in football] to capture the content game by game. I know that people talk about it all the time, they still don’t,” said Jonathan Kraft. “You could look at certain trends and other things and probabilities related to certain decision-making tools, but I would say that in football it is one of several ingredients that come into a game plan, while in football I am now for coaches who they believe in him, I think it could even be the main one, one of the two or three main controllers.”

Kraft says that, unlike the Patriots, the Revolution was always up to date with the analyses.

“On the football side of the house, we hired our first data analyst more than a decade ago. I think maybe we were the first team in the league to have one,” he said. “We monitor the movement of each player on the field, how passes are made, how teams perform in different thirds, and so on.”


The new Intel chip failure threatens encryption, but Macs are safe

Vulnerabilities in Intel chips have been a common problem in recent years, with serious flaws such as Meltdown, Spectre and ZombieLoad that affect virtually all Intel-equipped devices.

In 2019, Positive Technologies security researchers discovered another problem with Intel chips. In particular, it is a vulnerability that affects the Intel Converged Security and Management Engine (CSME), an important security feature in Intel technology and firmware that runs on Intel hardware.

In addition to loading and verifying the BIOS and power management firmware, CSME also provides the “cryptographic basis” for functions such as DRM (Digital Rights Management), firmware-based TPM (Trusted Platform Module) technologies and Intel’s own Enhanced Privacy ID.

Intel released a patch in 2019 to fix the problem. However, Positive Technologies researchers have discovered that it is much worse than originally thought. New research published Thursday shows that the vulnerability could be exploited to recover a cryptographic root key, which could allow an attacker to access all the data on a device.

This could be a big problem for DRM protected media. If used aggressively, the error can be used to decrypt incoming or outgoing data traffic from the affected device. On a larger scale, it could be used on Intel-based servers.

Although Intel’s previous vulnerabilities affected Apple devices, this error does not affect newer Macs equipped with an Apple T1 or T2 chip. Because these chips are based on proprietary technology and are released before Intel chips, a user’s encryption keys are secure.

Of course, older Macs without a T-Series chip, or the current iMac family without the iMac Pro, may be vulnerable to exploitation, which may compromise FileVault encryption. The error is undetectable and Intel advises users to maintain the “physical possession” of their devices, since there is no way to use the attack vector remotely, for example, by clicking on an incorrect ad.

However, Intel notes that its tenth-generation chips are safe from this. The vulnerability and others like it are also among the many possible reasons why Apple may soon switch its Macs to ARM-based processors.

Copyright © 2017 Rebloco.com