HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mmstr

no profile record

Submissions

Pros and Cons of Suns (1987)

dourish.com
1 points·by mmstr·3 anni fa·0 comments

comments

mmstr
·anno scorso·discuss
From the article:

"The discovery of the backdoor was made by cybersecurity specialists Andreas Makris (aka Bin4ry) and Kevin Finisterre (aka d0tslash), who published their findings in a detailed technical report late last week. The duo reverse-engineered firmware and conducted a hands-on analysis of the Unitree Go1 robot dog, revealing that each device ships with a preconfigured tunnel client that initiates a connection to CloudSail — a remote access platform developed by Zhexi Technology, based in China.

The researchers demonstrated that upon gaining access to the CloudSail API, which they did using a recovered API key, they could:

    List all connected devices and their IP addresses
    Establish remote tunnels to those devices
    Access the robot dog’s web interface with no authentication
    Use the robot’s cameras for live surveillance
    Log in via SSH using default credentials (pi/123)
    Move laterally within internal networks to which the robot is connected
Makris and Finisterre identified a total of 1,919 unique Unitree Go1 units that had connected to the CloudSail network. While most connections originated from Chinese IP addresses, a significant number were traced to academic and corporate networks abroad. Notable institutions included MIT, Princeton, Carnegie Mellon, and the University of Waterloo, among others. The researchers even observed some units connecting via Starlink, suggesting use in mobile or remote environments."
mmstr
·anno scorso·discuss
For those that don't know, GNU Shepherd is an init system (like systemd) written in Guile (a LISP), the unit files are written with Guile too.
mmstr
·3 anni fa·discuss
Context for people reading the comments:

CVE-2022-47966 is a Zoho vulnerability, while the other is a fortigate one, both are RCEs Both have had public PoCs published at least early this year, there's a bunch more of publicly known RCEs that are still unpatched and used by some tens of thousands of machines, according to Shodan
mmstr
·3 anni fa·discuss
If you want to read more about USENET through a criticism written while it was still used, I suggest to you the wonderfully anachronistic Unix Haters Handbook (https://web.mit.edu/~simsong/www/ugh.pdf), it starts to talk about USENET at page 131