this post was submitted on 27 Sep 2023
399 points (97.2% liked)

Technology

59454 readers
4670 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 36 comments
sorted by: hot top controversial new old
[–] Bell@lemmy.world 61 points 1 year ago (3 children)

Maybe we could have a comprehensive tariff on goods that floats with the number of state-sponsored cyber crimes, human rights violations, etc. Hack our routers? The rate just went up 5%.

[–] xodoh74984@lemmy.world 49 points 1 year ago (1 children)

I think this is fair, but man the retaliatory tariffs for NSA backdoors would be atrocious

[–] SuckMyWang@lemmy.world 7 points 1 year ago

Working as it should be then

[–] 50gp@kbin.social 21 points 1 year ago (3 children)

better to block their goods form the market if they refuse to allow others to compete in theirs

cant sell your goods or software in china without local business taking cuts and trade secrets? well bad luck now you cant do business in the west either until you drop that shit

[–] BeMoreCareful@lemdro.id 8 points 1 year ago (1 children)

China has the infrastructure to produce, the population to produce it, and the government to build more. I don't think there's really anybody that can compete with that.

[–] LetMeEatCake@lemm.ee 10 points 1 year ago

People underestimate how much production other countries are capable of. Of course, China does dominate the manufacturing game, especially mass production.

There's no shortage of alternatives all the same. Vietnam in particular has been doing quite well taking manufacturing work that companies are moving out of China so as to diversify their production chain. India is rising on that front too. Not to mention that the west truly does far more manufacturing than people give credit for — I've found that nearly every category of general goods that I try to buy will have some US made options. That's not even touching the rest of the west. The big exception being electronics, but those have Vietnam and India as growing alternatives, with Taiwan, Japan, Malaysia, and Singapore all as solid players in that market.

The overall point being: it's entirely possible to remove China from the manufacturing chain if there's enough money behind the push. The US economy is probably large enough to do so with some meaningful struggle. The US and major allies could do so more easily. The difficulty is more political and temporal. Getting everyone on board and committed plus going through with the multi-year long process.

[–] Zima@kbin.social 6 points 1 year ago

I think that the most disappointing aspect of obama's presidency was that he did not do anything about china imposing those bullshit rules. he should have imposed some balance or outright make it illegal for those companies to put themselves in a situation where their ip's will be sucked dry.

[–] RobotToaster@mander.xyz 4 points 1 year ago

The one thing that could get Americans to revolt would be blocking them from getting cheap 50" tvs.

[–] bdonvr@thelemmy.club 16 points 1 year ago

American tech is gonna get way more expensive dang

[–] mvirts@lemmy.world 52 points 1 year ago

Lol. Ya don't forget to monitor the router for unauthorized network access........... in its logs, controlled by its firmware 😅

[–] halfempty@kbin.social 41 points 1 year ago (3 children)

"Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities. Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products. Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware."

[–] Aqarius@lemmy.world 26 points 1 year ago

"Good news everyone, our old products are compromised, and the only solution is to buy new ones!"

[–] RobotToaster@mander.xyz 21 points 1 year ago

"China found the backdoors we installed for the NSA, buy our new product with different backdoors."

[–] Unaware7013@kbin.social 20 points 1 year ago (2 children)

I wonder if they're using default/hard coded creds (Ciscos have had a ton of them) or if its just bad password hygiene on the admins' part.

[–] partial_accumen@lemmy.world 24 points 1 year ago

Hardcoded creds seems like a really bad idea on a network appliance. If they MUST have hardcoded creds how about they only work when sent through a serial console at least your attacker would have to have local physical access to the device.

[–] ddkman@lemm.ee 9 points 1 year ago

I do agree, and Cisco immediately grabbed the occasion to push their shitty restrictive trusted boot policy. Which is worrying.

[–] Buelldozer@lemmy.today 35 points 1 year ago
[–] autotldr@lemmings.world 24 points 1 year ago (1 children)

This is the best summary I could come up with:


The threat actor is somehow gaining administrator credentials to network devices used by subsidiaries and using that control to install malicious firmware that can be triggered with “magic packets” to perform specific tasks.

In an advisory of its own, Cisco said the threat actors are compromising the devices after acquiring administrative credentials and that there’s no indication they are exploiting vulnerabilities.

Cisco also said that the hacker’s ability to install malicious firmware exists only for older company products.

Newer ones are equipped with secure boot capabilities that prevent them from running unauthorized firmware, the company said.

BlackTech members use the modified firmware to override code in the legitimate firmware to add the SSH backdoor, bypass logging, and monitor incoming traffic for “magic packets.” The term refers to small chunks of data the attackers send to the infected routers.

While they appear random and innocuous in system logs, these packets allow the attackers to surreptitiously enable or disable the backdoor functionality.


The original article contains 522 words, the summary contains 160 words. Saved 69%. I'm a bot and I'm open source!

[–] Taleya@aussie.zone 10 points 1 year ago (1 children)

The threat actor is somehow gaining administrator credentials

...lemme guess. Default logins.

[–] FaeDrifter@midwest.social 5 points 1 year ago (2 children)

We might never know how they managed to somehow to obtain the secret password ...1...2...3 ...4

[–] tslnox@reddthat.com 5 points 1 year ago

That's the same code I have on my luggage!

[–] Taleya@aussie.zone 3 points 1 year ago

No one will ever guess admin/admin, it's so blatanly obvious!

[–] ApeNo1@lemm.ee 13 points 1 year ago (1 children)

“You’re a hacker Harry”.

[–] SzethFriendOfNimi@lemmy.world 5 points 1 year ago (2 children)
[–] ApeNo1@lemm.ee 7 points 1 year ago (1 children)

It seems the spell suffered some packet loss.

[–] SzethFriendOfNimi@lemmy.world 7 points 1 year ago (1 children)
[–] metaStatic@kbin.social 3 points 1 year ago

Probably DNS

[–] SzethFriendOfNimi@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)
[–] SzethFriendOfNimi@lemmy.world 2 points 1 year ago (1 children)
[–] SzethFriendOfNimi@lemmy.world 2 points 1 year ago (1 children)
[–] SzethFriendOfNimi@lemmy.world 2 points 1 year ago (1 children)
[–] SzethFriendOfNimi@lemmy.world 6 points 1 year ago* (last edited 1 year ago) (1 children)
# #################
# Welcome to Hogwarts
# #################

root@licorice> 
[–] Gsus4@feddit.nl 1 points 1 year ago (1 children)
[–] SzethFriendOfNimi@lemmy.world 2 points 1 year ago
.
..
candies
students
projects -> students
[–] RizzRustbolt@lemmy.world 7 points 1 year ago

From the Grassy Node?

[–] HaggierRapscallier@feddit.nl 6 points 1 year ago* (last edited 1 year ago)

"Alohomora"

-- Li Dazhou