Half a Million IoT Passwords Leaked
It is amazing that this sort of thing can still happen:
…the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.
Telnet? Default passwords? In 2020?
We have a long way to go to secure the IoT.
EDITED TO ADD (7/14): Apologies, but I previously blogged this story in January.
Allen • July 8, 2020 7:14 AM
I saw a good video from Bradley Spengler released this week titled “10 years of linux security”. It is on youtube. Its audience is Linux kernel developers, so it is highly technical and down in the details of kernel development, but a key takeaway is that Linux now has long term support kernels (more than 6 years) designed for IOT devices with almost no plan for security updates. Essentially, the maintainers are admitting security fixes won’t be back ported to IOT products.