Notices by Euph0r14 (euph0r14@infosec.exchange)

@ryanc talk about missing the forest because of the trees

Nice

@ryanc the key is not “too weak so nobody should trust it” this key is “everyone should try to factorize it on their laptop” to find the private key!

There’s a good chance you are able to!

@GossiTheDog @Euph0r14 @mttaggart @barubary @serghei yeah NoName, seems to be a bit of a bogeyman in Swiss news (or news in general).

But I don’t think that example relates to NoName, so I wonder how this came to be.

@GossiTheDog @Euph0r14 @mttaggart @barubary @serghei I tried doing some rudimentary german language searches for big DDoS attacks against Swiss companies and didn’t find something which would fit (would have certainly been in the news?)

Nothing mentioning 3 million devices.

I did find ddos attacks from ~2016 against Major Swiss online shopping sites, so maybe this could be meant? They went down for a few hours and could have done millions in damages.

@GossiTheDog @mttaggart @barubary @serghei

This news article claims this happened, but my guess is that what actually happened is this:

Journalists talks with guy from fortinet, fortinet guy explains how a bot net of 3 million devices took down a Swiss companies site, Journalists asks what devices, fortinet guy talks about different things (like smart home devices / iot) and mentions that even a smart toothbrush could be part of such a bot net.

And the rest is history.

@GossiTheDog The article says it’s true, I’m not sure what translating tools are outputting but I am german so I will translate a section:

(Rough translation from me:)

The electric toothbrush runs on Java, and without any warning or notice Criminals were able to install malware on it - just like 3 million other toothbrushes. One command is enough and at the exact same time the remote controlled Toothbrushes request the website from a Swiss company. The site collapses and is unresponsive for 4 hours. Causing damages in the millions.

An example that sounds like a Hollywood scene, but which really happened.

(German OG below)

Die elektrische Zahnbürste ist mit Java programmiert, und unbemerkt haben Kriminelle darauf eine Schadsoftware installiert - wie auf 3 Millionen anderen Zahnbursten auch. Ein Befehl genügt, und die ferngesteuerten Zahnbürsten rufen gleichzeitig die Website einer Schweizer Firma auf. Die Seite bricht zusammen und ist für vier Stunden lahm gelegt. Es entsteht ein Schaden in Millionenhöhe.
Das Beispiel, das wie ein Hollywood-Szenario daherkommt, hat sich wirklich so zugetragen.