There's a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging

ESET researchers Olivier Bilodeau and Thomas Dupuy have found malware capable of compromising routers and embedded devices, seizing control of social networking accounts, and booting out competitors. The duo report the Moose malware exploits weak login credentials in the networking gear, and does not require vulnerabilities to …

Silver badge

Bit of a challenge

How the hell are we going to get the consumer market to install a real firewall/router along with a few VLANs and enable them to understand how to manage that lot?

It's only a matter of time before someone's pacemaker starts mining Bitcoin really slowly.

8
0

Re: Bit of a challenge

> How the hell are we going to get the consumer market[…]

We're not.

That is far too complicated. (And by "far" I mean: distance to the edge of the observable universe far, not round the corner to the chemist.)

Any solution needs to be easy enough that no user interaction is needed, and cheap enough that it becomes the default.

2
0
Anonymous Coward

He looks like Demis Roussos coming down off acid, but he's right:

http://www.theregister.co.uk/2015/05/25/stallman_windows_and_mac_are_malware/

Stallman makes a valid if perhaps less hyperbolic point; that many commercial software houses are notoriously focused on time-to-market and at best bolt security checks on at the end of development, if at all.

9
1

Except...

...one of Stallman's claims is that FOSS is 'better' because it is less prone to security issues thanks to the (trivially disproved) myth of the 'many eyes' approach. (Stallman's egotism in his Guardian rant really doesn't help his anachronistic* 'cause'. With friends like him, the GNU and FOSS communities really don't need enemies.)

Problem is, you need those 'many eyes' to be bothered to look into all that Open Source code first, and wading through yet another router's firmware is pretty bloody tedious and ranks right up there with writing user guides and translation work in its thanklessness. Nobody in their right mind would do it willingly, unless they were being paid to do so. If Heartbleed taught us anything, it's that it's really, really hard to get volunteers interested in doing the boring stuff.

Note that the article clearly states that the research was done—and paid for—by ESET. This wasn't a FOSS community effort. ESET would happily research and highlight flaws in proprietary software too given their line of work.

* (Open Source and all that "Free as in Speech" stuff made sense back in the 1970s and early '80s, when computers were still mostly the preserve of lab-coated folk who could actually program in rooms filled with Winchester disks and photogenic tape drives covered in blinking lights. It makes no sense today. What's important now is the _data_, not the code. As long as we can access our data, it matters not one whit whether the code that originally created it ceased being run a decade earlier. The code doesn't matter any more. It's become a disposable component of a much greater whole.)

7
15
Silver badge

Re: Except...

You are partially right, in that it's hard to get anyone to understand stuff like cryptography in the first place, let alone to apply effort into making it better by review and bug-fixing.

But you are also wrong in two very important ways:

Firstly having something open makes it a bigger risk to back-door, and certainly makes it very hard for anyone to be offering it and not to have the come-back if they were the one putting in back-doors or spyware. With COTS stuff you have to take it on trust, which is low these days, or to try and intercept all communications with wireshark or similar and to decode/decrypt them to find out what is happening. Are people willing to do that any more common than those willing to review open source code?

Secondly the idea that open source is not needed any more is utterly wrong, as today perhaps more than ever, we are seeing a "walled garden" approach to machines where some company decides what you can do with your own hardware, and what others are allowed to offer you. Similarly having data open only works if (a) the format is published AND correct, and (b) you have access to alternative software to make use of it. Without FOSS options there would be no pressure on the likes of MS, etc, to even pretend to offer open standards and protocols.

Remember how it took an EU anti-trust suit to get the SMB/CIFS protocol opened? Or how Oracle tried to sue Google on the basis that APIs should be copyright and thus no one can make interoperable code without a license?

17
1

Re: Except...

Further to Paul's reply, things like OpenWRT are fantastic for helping ensure we can sustain a better level of security (and features too) than any commercial router vendor cares to provide. I'd hate to see a world without such options.

6
0
Anonymous Coward

Re: Except...

@ sean

My intention was this was not a FOSS vs Closed debate but it was a point that security is often a shoddy afterthought as it's not in commercial interest. If product liability and consequential loss applied to commercial software in respect of security you can bet that it would suddenly become number one priority.

0
0
Coat

Mynd you, møøse bites Kan be pretty nasti

A Møøse once bit my sister... No realli!

3
0

Re: Mynd you, møøse bites Kan be pretty nasti

She was Karving her initials on the moose with the sharpened end of an interspace toothbrush given her by Svenge - her brother-in-law - an Oslo dentist and star of many Norwegian movies: "The Hot Hands of an Oslo Dentist", "Fillings of Passion", "The Huge Molars of Horst Nordfink"...

4
0
Silver badge

Re: Mynd you, møøse bites Kan be pretty nasti

Møøse trained to mix concrete and sign complicated insurance forms by JURHORSTGG

Møøses' noses wiped by BJØRN IRKESTØM-SLATER WALKER

Large møøse on the left hand side of the screen in the third scene from the end, given a thorough grounding in Latin, French and "O" Level Geography by BO BENN

Suggestive poses for the Møøse suggested by VIC ROTTER

Antler-care by LIV THATCHER

0
0

Did I miss something important or does:

"The duo report the Moose malware exploits weak login credentials in the networking gear, and does not require vulnerabilities to be exploited."

get contradicted by:

"Vulnerable devices are those running the popular μClibc C library"

7
0
FAIL

I thought that too. Have an upvote!

1
0
Vic
Silver badge

There's no contradiction, if I've understood correctly.

The way in would appear to be weak (unchanged?) credentials and a router that is also open to the outside WAN.

Then, if the router is running μClibc, the exploit can take effect.

But I might have misunderstood...

Vic.

0
0
