Joe Greco wrote:
No, really, how bad an idea can it be to have a central database and a system that's allowed to remotely log in, configure, and update thousands of Internet-connected CPE? I mean, talk about making an attractive target.
No argument against the lack of wisdom regarding this cisco thing, but... As a botnet operator in the business of making money (and thus relying on the availability of your botnets) why go through the bother of compromising such system and creating a botnet (which will be rather quickly fixed once the breach is noticed) when you can do it easily enough sending out a simple email with the proper binary code attached, relying on the PEBKAC paradigm. ;-) This method has been proven to be very effective, considering many 100s of millions of zombie computers exist. Greetings, Jeroen -- Earthquake Magnitude: 4.6 Date: Wednesday, July 11, 2012 10:54:36 UTC Location: near the east coast of Honshu, Japan Latitude: 35.9986; Longitude: 140.9388 Depth: 27.40 km