According to kenzo, the modem includes a TR-064 server for LAN-based configuration, to allow ISPs to set up software on the device.
It's not supposed to be accessible from the internet, but apparently it is. TR-064 commands can be used, among other things, to fetch Wi-Fi security keys and to set up an NTP server that disables the modem firewall, thereby opening the administration interface on port 80. "By sending certain TR-064 commands, we can instruct the modem to open port 80 on the firewall," kenzo's post says. "This allows access to the web administration interface from the Internet-facing side of the modem.
The default login password for the D1000 is the Wi-Fi password.
This is easily obtained with another TR-064 command." A compromised modem could be used to attack other devices on the network or as part of a botnet. Last week, posting under the Twitter handle "Bobby 'Tables", Darren Martyn, a security researcher with Insecurity.net and former LulzSec hacker, appeared to confirm the vulnerability. A search [login required] using the Shodan vulnerability search engine suggests there are presently 63,828 vulnerable devices in Ireland, 62,251 of which are associated with Eir.
This is down from about 100,000 previously, according to kenzo. The Register sent inquiries to Eir but has not heard back. According to kenzo, two other Eir modems are vulnerable to the "Misfortune Cookie" vulnerability (CVE-2014-9222), ZyXEL models P-660HN-T1A_IPv6 and P-660HW-T1. kenzo observes that back when Eir went by Eircom, the company used Netopia modems that blocked port 7547 except for IP addresses assigned to its own management servers. Had the company done so for its D1000, the vulnerabilities would not have been exploitable. ® Sponsored: Customer Identity and Access Management
The number of enterprises with at least one security vulnerability is the highest in five years
London, UK - 9 November 2016 - Enterprises across the globe are refreshing their network equipment earlier in its lifecycle in a move to embrace workplace mobility, Internet of Things, and software-defined networking strategies.
In addition, their equipment refresh is more strategic, with architectural vision in mind.
But despite the higher refresh rate, networks are getting less secure, largely due to neglected patching.
These are some of the highlights in the annual Network Barometer Report today by Dimension Data.
First published in 2009, the 2016 Network Barometer Report was compiled from data gathered from 300,000 service incidents logged for client networks that Dimension Data supports.
Dimension Data also carried out 320 technology lifecycle management assessments covering 97,000 network devices in organisations of all sizes and all industry sectors across 28 countries.
Andre van Schalkwyk, Senior Practice Manager Network Consulting, Dimension Data said, “Since 2010, networks had been ageing.
This year’s Report reverses that trend, and for the first time in five years, we’re seeing networks age more slowly.
“Ageing networks are not necessarily a bad thing: companies just need to understand the implications.
They require a different support construct, with gradually increasing support costs. On the other hand, this also means that organisations can delay refresh costs,” says van Schalkwyk, and points out that ageing networks are unlikely to support initiatives such as software-defined networking and automation, or handle traffic volumes necessary for collaboration or cloud.
According to the Report, in Europe, Asia-Pacific, and Australia enterprises’ network age reduced in line with the global average, while in the Americas, the number of ageing and obsolete devices decreased much faster, from 60% in the 2015 Report to 29% in the 2016 Report.
This can be attributed to the release of pent-up spend following four years of financial constraint.
Van Schalkwyk said clients in the Americas appear to be refreshing networks with the new generation of programmable infrastructure.
In Asia-Pacific and Australia, equipment refresh occurred as part of data centre network redesigns.
In contrast to the global trend, in Middle East and Africa, the network age increased, possibly the result of economic uncertainty, particularly in South Africa.
Meanwhile, of the 97,000 network devices that Dimension Data discovered, the number of devices that have at least one known security vulnerability increased from 60% in the 2015 Report to 76% in the 2016 Report – the highest figure in five years.
In Europe the rise in network vulnerabilities has been very steep over the last three years, hiking from 26% in 2014 to 51% in 2015 and to 82% in the 2016 Report. Network vulnerability has also risen in organisations in the Middle East and Africa over the last three years.
In Australia, 87% of network devices have at least one known vulnerability.
In Asia-Pacific and the Americas, networks are slightly less vulnerable - respectively 49% and 66%, compared to 61% and 73% in the previous edition.
Other highlights in the 2016 Network Barometer Report include:
- The percentage of devices supporting IPv6 rose steeply from 21% last year to 41% this year, due to the increase in current devices in networks.
This allows organisations with newer networks to support their digitisation strategies by enabling connectivity for the Internet of Things, big data, analytics, and containerisation.
- Software-defined networking is coming soon, but not just yet. While there is market interest in software-defined networks, it’s early in the adoption cycle and today, few organisational networks are capable of supporting a software-defined approach.
In 2015 less than 0.4% of devices could support software-defined WAN and only 1.3% of data centre switches were SDN-ready.
- Incident response is 69% faster, and repair time 32% faster networks monitored by Dimension Data.
These numbers reduce by a further 55% and 36% respectively, when combined with Dimension Data’s service desk integration.
- 37% of incidents are caused by configuration or human error, which can be avoided with proper monitoring, configuration management, and automation.
 A security advisory is a notice issued by a manufacturer that they are aware of a security vulnerability on one of their products.
About Dimension Data
Dimension Data uses the power of technology to help organisations achieve great things in the digital era.
As a member of the NTT Group, we accelerate our clients’ ambitions through digital infrastructure, hybrid cloud, workspaces for tomorrow, and cybersecurity. With a turnover of USD 7.5 billion, offices in 58 countries, and 31,000 employees, we deliver wherever our clients are, at every stage of their technology journey. We’re proud to be the Official Technology Partner of Amaury Sport Organisation, which owns the Tour de France, and the title partner of the cycling team, Team Dimension Data for Qhubeka.
Visit us at http://www.dimensiondata.com
For more information
Charlotte Martin / Jonathan Mathias
020 3217 7060
Aidra was discovered infecting more than 30,000 embedded Linux devices in an audacious and ethically questionable research project that infected more than 420,000 Internet-connected devices in an attempt to measure the security of the global network.
As reported by the anonymous researcher, Aidra forced infected devices to carry out a variety of distributed denial-of-service attacks but worked on a limited number of devices. Linux/IRCTelnet also borrows telnet-scanning logic from a newer IoT bot known as Bashlight.
It further lifts a list of some 60 widely used username-password combinations built into Mirai, a different IoT bot app whose source code was recently published on the Internet.
It goes on to add code for attacking sites that run the next-generation Internet protocol known as IPv6. The best-of-breed approach "is driving a high infection speed of Linux/IRCTelnet (new Aidra) so it can [infect] almost 3,500 bot clients within only five days from the moment its loader was first detected," a researcher who goes by the handle Unixfreakjp wrote in a blog post reporting on the new malware. "To incarnate a legendary botnet code into a new version that can [target] the recent vulnerable threat landscape is really inviting more bad news."Like most IoT bots, Linux/IRCTelnet doesn't have what malware experts refer to as persistence.
That means that compromised devices are disinfected as soon as they're restarted.
Still, unless the rebooted devices are properly secured—by, for instance changing the default login credentials or disabling telnet connections—they are likely to be infected all over again. Once a device is infected, its IP address is stored so the botnet operator can re-infect it if it suddenly loses contact with the command and control channel. A recent volley of DDoS attacks launched from infected IoT devices has opened a troubling chapter for the Internet because the assaults are capable of delivering malicious data in volumes that were almost unimaginable just a few years ago. Linux/IRCTelnet is likely only the beginning of what could be a long line of next-generation malware that steadily improves its capabilities.
The proliferation of Internet-connected devices that by default are defenseless against these threats is bad news, indeed.
In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame.
For these cases, JUNOSe patches are made available in order to be more timely.
Security Advisory and Security Notices will indicate which Maintenance and patch releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a patch release.
Although Juniper does not provide formal Release Note documentation for a patch release, a list of resolved defects are published via Patch Release Histories available on the download page.Modification History: 2016-10-12: Initial publication Related Links:CVSS Score:7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Risk Level:High Risk Assessment:Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." Acknowledgements:
Devices not configured to process IPv6 traffic are unaffected by this vulnerability.This issue was found during internal product security testing.Juniper SIRT is not aware of any malicious exploitation of this vulnerability.This issue has been assigned CVE-2016-4921. Solution:The kernel panic (PR 1017099) has been addressed in Junos OS 11.4R13, 12.1X44-D45, 12.1X46-D30, 12.1X47-D20, 12.3R9, 13.3R5, and all software releases listed below. However, a more complete IPv6 resource management improvement (PR 1037225) has addressed these resource exhaustion issues in the following software releases: 12.3X48-D30, 13.3R10*, 14.1R8, 14.1X53-D40, 14.2R6, 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D70, 16.1R1, and all subsequent releases.The two fixes for this issue are being tracked as PRs 1037225 and 1017099 which are visible on the Customer Support website.KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.*Available end of Q4/2016. Workaround:Limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the router via IPv6 only from trusted, administrative networks or hosts. Implementation:How to obtain fixed software:Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version.
In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame.
For these cases, Service Releases are made available in order to be more timely.
Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release.
Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.Modification History: 2016-10-12: Initial publication Related Links:CVSS Score:7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Risk Level:High Risk Assessment:Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." Acknowledgements: