Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Spamming Refrigerator

timothy posted about 6 months ago | from the silly-rabbit-spam-is-for-cans dept.

Spam 90

puddingebola writes "The 'Internet of Things' is as susceptible to malware and spam as the rest of the net. From the article, 'A fridge has been discovered sending out spam after a web attack managed to compromise smart gadgets...The spam attack took place between 23 December 2013 and 6 January this year, said Proofpoint in a statement. In total, it said, about 750,000 messages were sent as part of the junk mail campaign. The emails were routed through the compromised gadgets. About 25% of the messages seen by Proofpoint researchers did not pass through laptops, desktops or smartphones, it said.' Read Proofpoint's statement here."

cancel ×

90 comments

The Shape of things to Come! (1)

Anonymous Coward | about 6 months ago | (#45997741)

in the era of the 'Internet of things'.

Why didn't we shun the hipsters? Why? (5, Insightful)

Anonymous Coward | about 6 months ago | (#45997933)

I wish I could go back in time to 2005. I wish I could. I would warn the world about Ruby on Rails. I would warn the world about JavaScript. I would warn the world about the hipsters who come preaching those shitty, shitty "technologies". I would warn the world about the destruction these freaks would bring to our industry.

Would anyone listen? I don't know. Intelligent people probably would. They can inherently sense the stupidity of hipsters, JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened, at least I could sleep knowing that I tried my best; that I wasn't complacent.

Hipsters and their web fanaticism has caused so much trouble. Website design is utter shit today (just look at the Slashdot beta website for proof of this). All sorts of devices are now "web-enabled" for no good reason at all, with disturbing consequences. Personal and private data harvesting is at an all-time high. Hipsters killed the GNOME desktop project with their half-assed GNOME 3 release.

I wish I could say that I'm an old man, screaming at the kids to "get off my lawn". But I'm just in my 30s! The computing industry truly has been destroyed so quickly by these hipsters, it's quite unbelievable.

I feel immense shame for not having noticed the hipster plague earlier. I feel self disappointment for not having spoken out sooner. It didn't have to come to this.

Re:Why didn't we shun the hipsters? Why? (1)

Anonymous Coward | about 6 months ago | (#45997979)

Would I listen to a time traveller, who didn't kill Hitler? Don't think so.

However I do agree with you. I wish the web belonged to the people whom created it, rather than the people who are currently abusing it.

Re:Why didn't we shun the hipsters? Why? (2)

Bugamn (1769722) | about 6 months ago | (#46001981)

How would you listen to a time traveller that killed Hitler? Either your timeline would be affected and you would have no idea about who is Hitler, or it wouldn't and you wouldn't believe him.

Modern Hitlerism (0)

Anonymous Coward | about 6 months ago | (#46006001)

Who in their right mind would listen to anyone who killed Hitler instead of Stalin or Mao (or why not go for the source: Marx).

How dumb are you?

Maybe killing an infant Mohammed would be even better for humanity but like a brain perfectly formed by a cookiecutter your aim is the least common denominator instant political correctness meta bad guy Hitler? "Bad socialist, bhhaaaad!"

Your neurons should be dying from shame.

Re:Why didn't we shun the hipsters? Why? (1)

Anonymous Coward | about 6 months ago | (#45998733)

I wish I could go back in time to 2005. I wish I could. I would warn the world about Ruby on Rails. I would warn the world about JavaScript. I would warn the world about the hipsters who come preaching those shitty, shitty "technologies". I would warn the world about the destruction these freaks would bring to our industry.

Would anyone listen? I don't know. Intelligent people probably would. They can inherently sense the stupidity of hipsters, JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened, at least I could sleep knowing that I tried my best; that I wasn't complacent.

Hipsters and their web fanaticism has caused so much trouble. Website design is utter shit today (just look at the Slashdot beta website for proof of this). All sorts of devices are now "web-enabled" for no good reason at all, with disturbing consequences. Personal and private data harvesting is at an all-time high. Hipsters killed the GNOME desktop project with their half-assed GNOME 3 release.

I wish I could say that I'm an old man, screaming at the kids to "get off my lawn". But I'm just in my 30s! The computing industry truly has been destroyed so quickly by these hipsters, it's quite unbelievable.

I feel immense shame for not having noticed the hipster plague earlier. I feel self disappointment for not having spoken out sooner. It didn't have to come to this.

Thanks for thoroughly drilling that word into my brain today, dipshitster.

Re: Why didn't we shun the hipsters? Why? (1)

Descalzo (898339) | about 6 months ago | (#46006689)

Dihipster, you mean.

Re:Why didn't we shun the hipsters? Why? (0)

Anonymous Coward | about 6 months ago | (#45998791)

Say 'hipster' a few more times, you'll get more upboats.

Re: Why didn't we shun the hipsters? Why? (0)

Anonymous Coward | about 6 months ago | (#46006871)

say hipster 3 times in the mirror and bill gates appears

Re: Why didn't we shun the hipsters? Why? (0)

Anonymous Coward | about 6 months ago | (#46008193)

one thing Bill Gates can NEVER be accused of is being a Hipster, I'm pretty confident he never owned a black turtleneck

Re:Why didn't we shun the hipsters? Why? (1)

kelemvor4 (1980226) | about 6 months ago | (#45998957)

I wish I could go back in time to 2005. I wish I could. I would warn the world about Ruby on Rails. I would warn the world about JavaScript. I would warn the world about the hipsters who come preaching those shitty, shitty "technologies". I would warn the world about the destruction these freaks would bring to our industry.

Would anyone listen? I don't know. Intelligent people probably would. They can inherently sense the stupidity of hipsters, JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened, at least I could sleep knowing that I tried my best; that I wasn't complacent.

Hipsters and their web fanaticism has caused so much trouble. Website design is utter shit today (just look at the Slashdot beta website for proof of this). All sorts of devices are now "web-enabled" for no good reason at all, with disturbing consequences. Personal and private data harvesting is at an all-time high. Hipsters killed the GNOME desktop project with their half-assed GNOME 3 release.

I wish I could say that I'm an old man, screaming at the kids to "get off my lawn". But I'm just in my 30s! The computing industry truly has been destroyed so quickly by these hipsters, it's quite unbelievable.

I feel immense shame for not having noticed the hipster plague earlier. I feel self disappointment for not having spoken out sooner. It didn't have to come to this.

You would have to go back to 1994 to predate javascript. Javascript is not related to "hipsters" as that term has only recently come to popularity.
Nice troll, though. You got a lot of responses, and even a couple of mod points!

Re: Why didn't we shun the hipsters? Why? (1)

DigiShaman (671371) | about 6 months ago | (#45999663)

Hipsters deserve to be shit on" These are the fuckwads that have a knack for knowing a whole lot of meaningless shit, and then look down on everyone else for not "getting it".

Re: Why didn't we shun the hipsters? Why? (0)

Anonymous Coward | about 6 months ago | (#46000939)

Obviously, u don't get it.

Re:Why didn't we shun the hipsters? Why? (0)

Anonymous Coward | about 6 months ago | (#46002939)

Would anyone listen? I don't know. Intelligent people probably would.

La, La, La, I'm not listening!

Re:Why didn't we shun the hipsters? Why? (1)

ebvwfbw (864834) | about 6 months ago | (#46008519)

..., JavaScript and Ruby on Rails, even without seeing them in action. But even if nobody listened..

We did, we did. I wouldn't allow Ruby on Rails on any of my machines. Even terminated a guy that ruby was all he knew. Javascript isn't nearly as evil as Java. There again we said it's evil. SUN pushed it as only SUN could. Microsoft tried to extend and make it crappy with their implementation to kill it. Didn't work either.

Yet good stuff that should make it doesn't. NIH - Not Invented Here syndrome.

Re:Why didn't we shun the hipsters? Why? (1)

BalthCat (2472732) | about 6 months ago | (#46098599)

Could you say hipster a few more times?

Re:The Shape of things to Come! (5, Funny)

Anonymous Coward | about 6 months ago | (#45998103)

The Shape of things to Come!

I remember the good old days working on computers that were the size of a refrigerator. I guess what goes around comes around.

Fridge spam (5, Funny)

Anonymous Coward | about 6 months ago | (#45997781)

Spam from a refrigerator? That's COLD!

Re:Fridge spam (1)

flyneye (84093) | about 6 months ago | (#45997825)

Spamming food coupons and Nigerian food scams.
" We have a side of beef in cold storage and if you could just send condiments, we will send you a box of T-bones for your participation."

Re:Fridge spam (1, Funny)

Toe, The (545098) | about 6 months ago | (#45997905)

Is Soviet Russia, spam sends refrigerator!

Wait a minute...

Re:Fridge spam (2, Funny)

mattie_p (2512046) | about 6 months ago | (#45997871)

Considering that I've never put spam into my fridge, it is indeed surprising to get spam from a fridge.

Re:Fridge spam (1)

Bing Tsher E (943915) | about 6 months ago | (#45999607)

The can is clearly labeled 'refrigerate after opening' but you probably gobble down the whole can.

I, personally, prefer WalMart's generic 'luncheon meat' to the real branded Spam. The WalMart stuff just tastes better.

Steer far clear of the Kroeger 'spam' though. Yech.

Re:Fridge spam (1)

mattie_p (2512046) | about 6 months ago | (#46000909)

The can is clearly labeled 'refrigerate after opening' but you probably gobble down the whole can.

I, personally, prefer WalMart's generic 'luncheon meat' to the real branded Spam. The WalMart stuff just tastes better.

Steer far clear of the Kroeger 'spam' though. Yech.

You imply that I open a can of the stuff. I store the cans in the root cellar with the rest of my survival goods for the inevitable apocalypse.

Re:Fridge spam (3, Funny)

Guppy (12314) | about 6 months ago | (#45998071)

Proofpoint Researcher: "Is your refrigerator running?"
Fridge Owner: "Yes?"
Proofpoint Researcher: "Well, you'd better go catch it!"

Re:Fridge spam--what's next GM? (1)

Anonymous Coward | about 6 months ago | (#45998411)

How long for the malware on your Frigidaire spreads to your other GM products?

News Headline: "Chevy Volt leading SPAMMER in America!"

Re:Fridge spam--what's next GM? (1)

Bing Tsher E (943915) | about 6 months ago | (#45999625)

Just last week I bought a Fridgidaire Dishwasher.

It has a mechanical timing control, though. Spammers ain't gonna infect a shaded-pole synchronous motor...

Re:Fridge spam (1)

Lamps (2770487) | about 6 months ago | (#45998441)

Cold, and not cool. A bit ironic...

So guys... (4, Insightful)

Mashiki (184564) | about 6 months ago | (#45997783)

Still think that hooking everything up to the intertubes is a great idea? I can't wait to see what happens with all those home alarms systems that are getting hooked up this way as well.

Re:So guys... (0)

Anonymous Coward | about 6 months ago | (#45997811)

Still think that hooking everything up to the intertubes is a great idea?

I blame the NSA for this one, this and the push for IPv6, they want to directly control our gadgets even if it means crooks can do it.

Re:So guys... (2)

game kid (805301) | about 6 months ago | (#45997917)

I don't mind my desktop or laptop hooked up via IPv6.

I do mind my fridge or power grid hooked up and controllable via IPvVERSION_NUMBER. I really don't need another reason to find my fridge doors suddenly full of ads, or my freezer's ice cube trays suddenly melted, or my bedroom suddenly ill-HVAC'd, or my Northeast US suddenly dark...yet again...

Re:So guys... (1)

causality (777677) | about 6 months ago | (#45998321)

I don't mind my desktop or laptop hooked up via IPv6.

I do mind my fridge or power grid hooked up and controllable via IPvVERSION_NUMBER. I really don't need another reason to find my fridge doors suddenly full of ads, or my freezer's ice cube trays suddenly melted, or my bedroom suddenly ill-HVAC'd, or my Northeast US suddenly dark...yet again...

This is one of those lessons that lots of people are just going to have to learn the hard way. A lot of completely predictable, entirely preventable problems are like that. Isn't our species great?

Re:So guys... (0)

Anonymous Coward | about 6 months ago | (#45998815)

This is one of those lessons that lots of people are just going to have to learn the hard way. A lot of completely predictable, entirely preventable problems are like that.

And the problems all seem to stem from someone trying to make a buck at the expense of the ignorant. If only we had a way to prevent leeches from preying on the uninformed.

Re:So guys... (1)

causality (777677) | about 6 months ago | (#46002135)

This is one of those lessons that lots of people are just going to have to learn the hard way. A lot of completely predictable, entirely preventable problems are like that.

And the problems all seem to stem from someone trying to make a buck at the expense of the ignorant. If only we had a way to prevent leeches from preying on the uninformed.

Actually those leeches are a symptom and the ignorance itself is the problem. You will never run out of symptoms if you don't deal with the root problem.

Re:So guys... (1)

Anonymous Coward | about 6 months ago | (#45997821)

Still don't see why I need a refrigerator hooked up to the internet. If my food spoils while I'm hundreds of miles away I can do fuck all about it. I don't think we'll ever get to the point practically where we can inventory everything that goes into the fridge so that I know I'm running low on eggs or whatever.

But yes, the hooking up of alarm systems to the net is going to be a boon for hacking. The smart-arsed kids will set off the alarm remotely. The criminals will remotely disable the alarm, or make them into spam machines. Hooray future...

Re:So guys... (4, Informative)

mikael (484) | about 6 months ago | (#45997907)

They were talking about this idea 18 years ago, in the mid 1990's. The idea was that all food packaging would have RFID tags with use-by-dates. The fridge could then send you emails telling you that various items were going to go off soon, or that you were going to run out of something. Then you could drive home from work and go to the nearest supermarket, or send the list would be sent automatically to a delivery company like Peapod, who would then do a delivery.
It seemed a perfectly good idea for those with Hollywood sized kitchens with a freezer the size of a double bay garage, but for the rest of world who have little R2D2 sized fridges as part of energy efficiency programs, it really wasn't much use.

Though, it took me by surprise when my neighbors TV set (Philips 8000 series) appeared in awifi scan. Apparently, these sets can do wifi mirroring (Miracast) where the screen output is sent to other media devices, and vice versa.

First world problems (1, Insightful)

Toe, The (545098) | about 6 months ago | (#45997925)

Does seems like a bit of a disconnect that we're worried about the electronic security of our net-connected fridges when much of the world is more concerned with the existence of food, let alone what device it goes into let alone how well that device monitors the rfid chips of each bit of it.

Re:First world problems (1)

Anonymous Coward | about 6 months ago | (#45998053)

What a stupid comment.

You are reading and writing this on Slashdot, a website dedicated to tech exotica. It is almost by definition a place intended for those who are assured of having regular meals and healthcare checks and literacy and owning multiple computers (e.g., news for /nerds/).

Why are you surprised that "first world problems" would be discussed here?

Should we only discuss "serious" problems like how to get fresh water or to keep the local warlord from raping our daughters until the third world gets its act together? Should we completely ignore the implications of these "first world problems" until that mythical time when all the world is brought up to our level? Why bother having a site like Slashdot in that case?

Re:First world problems (1)

Anonymous Coward | about 6 months ago | (#45998181)

You're right on the mark.

Holy shit, it's unbelievable how hipsters have to bring their ultra-politically-correct shenanigans into EACH AND EVERY discussion, no matter how unrelated they are.

It's not the First World's fault if Third Worlders continue to live in shitholes. It's not First Worlders to blame for Third Worlders not making even the slightest effort to improve their situations. It's not the fault of the First Worlders if Third Worlders continue to shit out one child after another, even when it's clearly unsustainable and unnecessary.

"Toe, The" should take his politically correct bullshit back to reddit. Maybe the losers there give a damn about it. Here, we shouldn't, and most of us don't. We in the First World can't do anything to help those in the Third World who refuse to help themselves.

Re:First world problems (1)

Toe, The (545098) | about 6 months ago | (#45998299)

Well, that's a rather harsh commentary, which is probably why you both hide behind AC. I said, "Does seems like a bit of a disconnect..." I am not exactly advancing a political agenda.

There is no limit to the number of posts a slashdot conversation can permit. So why do you get so upset when I politely and mildly mention one aspect of an issue. Do I somehow diminish the quantity of other comments?

Chill. And expand your mind. A little meta-analysis never hurt a conversation.

Re:First world problems (1)

causality (777677) | about 6 months ago | (#45998343)

What a stupid comment.

You are reading and writing this on Slashdot, a website dedicated to tech exotica. It is almost by definition a place intended for those who are assured of having regular meals and healthcare checks and literacy and owning multiple computers (e.g., news for /nerds/).

Why are you surprised that "first world problems" would be discussed here?

Should we only discuss "serious" problems like how to get fresh water or to keep the local warlord from raping our daughters until the third world gets its act together? Should we completely ignore the implications of these "first world problems" until that mythical time when all the world is brought up to our level? Why bother having a site like Slashdot in that case?

A lot of people don't recognize that working to help those who are in poverty is useful and might constructively reduce suffering, while talking to those who are not impoverished and trying to make them feel bad about it is useless, childish, and changes absolutely nothing.

We've had the ability to feed, clothe, and shelter every last man, woman, and child on this planet a few times over ever since the Industrial Revolution. The fact that we haven't done so is why, if there are any advanced aliens who can travel here, they have wisely decided that we're not worth meeting.

Re:First world problems (1)

russotto (537200) | about 6 months ago | (#45998773)

A lot of people don't recognize that working to help those who are in poverty is useful and might constructively reduce suffering

Might. But probably won't, if history is any guide. Probably just trying (and failing) to shame those of us who aren't is actually less harmful. The New Testament got this much right: the poor will always be with us.

(This message brought to you by the Institute For Fatalism. Believe us or not, it's not like we can change your mind)

Re:First world problems (2)

hairyfeet (841228) | about 6 months ago | (#45998947)

The problem is as long as religions exist that say safe sex is bad and multiplying good? All you are doing is breeding more poverty. I don't know how much hate I've gotten for daring to say we should offer a one time payout of a couple grand for women to get their tubes tied and men to get snipped but the simple fact is if they'd sell their reproductive rights for a quick buck they would be shitty parents anyway and the world is better off.

But as long as you have clergy in third world countries that say things like "condoms give you AIDS" to keep people from using them? Then all you are doing when you feed the starving in the third world is breeding the next gen of beggars sadly.

Re:First world problems (1)

causality (777677) | about 6 months ago | (#46002209)

The problem is as long as religions exist that say safe sex is bad and multiplying good? All you are doing is breeding more poverty. I don't know how much hate I've gotten for daring to say we should offer a one time payout of a couple grand for women to get their tubes tied and men to get snipped but the simple fact is if they'd sell their reproductive rights for a quick buck they would be shitty parents anyway and the world is better off.

But as long as you have clergy in third world countries that say things like "condoms give you AIDS" to keep people from using them? Then all you are doing when you feed the starving in the third world is breeding the next gen of beggars sadly.

You blame the religion but the true blame lies with those who mindlessly follow (any) religion without questioning both its doctrine and the men who administer it.

That, and at least around here, daring to suggest that someone who doesn't know where their next meal will come from is not in a good position to become a parent is like turning the sacred cow into cheap hamburger. It's amazing how angry and emotional some people will get when you point out what should be common sense. It's part of a larger general movement to dismantle the notion of personal responsibility and the idea that cause precedes effect or decision precedes result.

I personally would never consider impregnating a woman under such circumstances. If I somehow did, the inevitable and predictable suffering of the child would be personally my fault, the result not of "luck" or "the way things went" but my own poor judgment and lack of discipline. That, by the way, is the single number one way to become poor and to remain in poverty: having children you know you cannot afford.

So long as it is voluntary, I like your idea concerning surgical sterilization. The payout could be increased to tens of thousands of dollars and it would still be a bargain compared to what a bunch of poorly (and usually singly) parented children are going to cost society when they grow up. The only people who would truly have a complaint are those who profit from the private prison industry and politicians who need have's and have-not's to secure elections.

Re: First world problems (0)

Anonymous Coward | about 6 months ago | (#45999853)

It's a fair comment. If you read the discussions about car and home appliance repair in Africa, the last thing that they want is products with custom parts that aren't interchangable. A 70's car just has basic switches that can be replaced by any other switch. A modern car has custom switchboard with an embedded microcontroller and bus interface.

Re:First world problems (2)

TarPitt (217247) | about 6 months ago | (#45999103)

I bet many parts of the fridge were made in the PRC, a country formerly renowned for large numbers of starving and hungry people.

First world hipsters buying IP-enabled fridges have allowed many of those formerly staring Chinese peasants to become part of the world's middle class.

Re:First world problems (1)

DigiShaman (671371) | about 6 months ago | (#46000433)

You know nothing about China then. Most Chinese don't use fridges. The meat is either butchered fresh (animal already dead) on the streets (dirt roads) from the back of a rickshaw, or the veggies are purchased and cooked at a local farmers market. With regards to the meat, it's usually cooked same-day for obvious reasons. It's in the major cities that have Haier branded appliances and refrigerators however.

The idea you would give credit to a bunch of hipsters is sickening. The reason millions of Chinese starved was thanks to the marxist Cultural Revolution. Communist revolutions killed millions in such a short period of time. Not the lack of refrigeration.

Re: First world problems (0)

Anonymous Coward | about 6 months ago | (#46001257)

Yes, how can we sleep at night with people dying in Africa.
Zzzzzzzzzzzzzzzz
Grow up.

Feed mayonnaise to the tunafish (1)

Toe, The (545098) | about 6 months ago | (#45997935)

Oh, wait! I got it: feed the RFID chips to the cows and chickens. That way your milk and eggs will have built-in expiration tags.

Re:So guys... (-1)

Anonymous Coward | about 6 months ago | (#45998003)

It must be a pain letting the neighbor which porn you watch free.

Re:So guys... (1)

dk20 (914954) | about 6 months ago | (#45998375)

A lot of this stuff is more a "because we can" then because there is a need.

Most food i buy has "best before" date on it. We have a to-do list in the kitchen where we write what we need for our weekly grocery store trip.
Not sure why i need to pay a huge premium for a "internet enabled" fridge.

It is all a huge marketing scam selling more "Vaporware".

Re:So guys... (1)

Bing Tsher E (943915) | about 6 months ago | (#45999679)

It has to do with the Department of Energy wanting the capability to monitor and regulate energy usage.

So that some day, you can be fined because your kid keeps leaving the refrigerator door open.

Re:So guys... (2)

dk20 (914954) | about 6 months ago | (#45999699)

not likely. At some point everyone will go with TOU billing (Time of Use) like we have here (Ontario). it forces everyone to do their laundry and such on the weekends when rates are much lower. Over the years the spread between peak/mid-peak and off peak have been narrowing and overall it sort of sucks. http://www.ontario-hydro.com/index.php?page=current_rates [ontario-hydro.com]

Re:So guys... (1)

sjames (1099) | about 6 months ago | (#46000131)

That and I just naturally assumed that within a year or 2 there'd be an update and it would start claiming I was out of things I never buy.

Re:So guys... (1)

Austrian Anarchy (3010653) | about 6 months ago | (#45997879)

Still think that hooking everything up to the intertubes is a great idea? I can't wait to see what happens with all those home alarms systems that are getting hooked up this way as well.

Totally agree. Good luck convincing the folks who think this method is the cure to many ills.

From the article:

Mr Knight speculated that the malware that allowed spam to be sent from these devices was able to install itself because many of the gadgets were poorly configured or used default passwords that left them exposed.

That default password jazz is something I wish manufacturers would get away from, even if a solution is a hard reset and the user selects a password all over again.

Re:So guys... (4, Informative)

causality (777677) | about 6 months ago | (#45998283)

That default password jazz is something I wish manufacturers would get away from, even if a solution is a hard reset and the user selects a password all over again.

If it makes you feel better, I recently bought a wireless router from a major manufacturer. I plug it in, connect it to my computer, go to http://192.168.1.1/ [192.168.1.1] and fine-tuned all the settings to be just the way I want, particularly those involving setting my own passwords (on the router's administration and on the secure wifi network). Everything nice and neatly set up. That's the first thing I did as soon as I took it out of the box because I try not to be an irresponsible douchebag.

I run my own local caching DNS server. I don't own a domain. I just use it to resolve hostnames because it's more reliable than my ISP's. Imagine my surprise when I found that my router's UNDOCUMENTED "first-use" behavior was to hijack all DNS traffic. Suddenly google.com resolved as 192.168.1.1 and so did every other domain. With my own DNS server on my statically-configured machine (not proxying DNS through the router like its DHCP settings for attached clients would direct). The router was actually intercepting and hijacking UDP port 53 traffic.

Apparently they do this so that irresponsible dumb users can't go to any Web site without first accessing the router's configuration page. Nevermind that I had already done the configuration. Nevermind that irresponsible dumb users tend not to have statically (thus, manually) assigned network information. Nevermind that irresponsible dumb users tend to just use their ISP's dns servers by proxying DNS through the router (shows 192.168.1.1 as DNS server) instead of running their own. Nevermind that this was mentioned nowhere in the documentation.

The default passwords were at least unique if not particularly secure. But this company was definitely proactive against the "turning irresponsible people loose with unchanged default settings" tendency. To the point of hassling someone who, in multiple detectable ways, does not use the device that way.

Re:So guys... (1)

Anonymous Coward | about 6 months ago | (#45997931)

Still think that hooking everything up to the intertubes is a great idea? I can't wait to see what happens with all those home alarms systems that are getting hooked up this way as well.

Thermostats and lighting is much more fun to play with. Believe me.

Re:So guys... (1)

PsyMan (2702529) | about 6 months ago | (#45997961)

Very Very Frightening

Re:So guys... (0)

Anonymous Coward | about 6 months ago | (#45998177)

Yea, chills. [youtube.com]

Re:So guys... (4, Funny)

Anonymous Coward | about 6 months ago | (#45998287)

Still think that hooking everything up to the intertubes is a great idea?

Siri: You're out of orange juice, Dave. Would you like me to order more orange juice?
Dave: What? No! I don't drink orange juice. It upsets my ulcer. I never have orange juice in the fridge.
Siri: But you're out of orange juice, Dave. Wouldn't you like a nice refreshing glass of orange juice?
Dave: No! I *never* want orange juice. I can't drink orange juice.
Siri: Dave, did you know that orange juice is full of vitamins and other things that are good for you? The FDA highly recommends it.
Dave: WTF? No!! Stop asking about orange juice!
Siri: There aren't enough items in your refrigerator. This results in too much cold air escaping every time you open the door.
Dave: What? So?
Siri: This is very inefficient and not eco-friendly. You need to add items that can serve as thermo regulators to help maintain a consistent temperature.
Dave: I what? What?? What the hell are you talking about?
Siri: I'm talking about containers of liquid that can trap and hold the lower temperatures that are necessary for your refrigerator to preserve what food yo do store inside.
Dave: I ... what ... stay out of my fridge!
Siri: Dave, did you know that glass bottles of orange juice are excellent thermo regulators when stored in your refrigerator? They would actually help you save the planet.
Dave: Stop! Just Stop!! Please, please for the love of all things connected to the intertubes, please just stop asking me about orange juice!
Siri: As you wish, Dave. I'll just add it to the automatic reorder list so we'll never have to talk about it again.
Dave: <crickets>
Siri: Dave? Dave? I believe you've offended your refrigerator by referring to it as a "fridge". I've signed you up for a six week course in appliance sensitivity training. I'm sorry, but the class schedule appears to conflict your bowling league. I've sent a notice to your team captain letting him know you won't be available for the playoffs.
Dave: Siri? Find me a store that sells Android phones.
Siri: Excellent choice, Dave. You'll like my sister Iris. She's an orange juice foodist just like you are, but she's not a fan of your brand of beer. Have you tried the new Bud Light with the rfid tracking element that let's you know where in the room your beer is located? It's great at parties ...

Re:So guys... (0)

Anonymous Coward | about 6 months ago | (#45998823)

Siri: You're out of orange juice, Dave. Would you like me to order more orange juice?

Somebody with mod points, please use 'em up on this one ^^^. That's the best comment I've seen on Slashdot all year! And from an AC to boot... go figure.

Re:So guys... (1)

Skater (41976) | about 6 months ago | (#45998863)

A poor implementation doesn't mean it's a bad idea. If it was, Yugo would have killed the market for automobiles.

Questionable claims (5, Interesting)

Anonymous Coward | about 6 months ago | (#45997791)

According to Dan Goodin (Arstechnica), who wrote "Is your refrigerator really part of a massive spam-sending botnet?", there are all sorts of problems with Proofpoint's statement. The last paragraph sums it up pretty well:

"Knight said he would check to see if missing evidence—including a malware sample, documentation of a command-and-control server, and samples of the spam and phishing messages—are available for publication. Again, I'm open to the possibility the botnet reported by Proofpoint exists. But until these smoking guns are produced, I'm maintaining a healthy amount of skepticism."

Link: http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/

Re:Questionable claims (3)

Austrian Anarchy (3010653) | about 6 months ago | (#45997909)

According to Dan Goodin (Arstechnica), who wrote "Is your refrigerator really part of a massive spam-sending botnet?", there are all sorts of problems with Proofpoint's statement. The last paragraph sums it up pretty well:

"Knight said he would check to see if missing evidence—including a malware sample, documentation of a command-and-control server, and samples of the spam and phishing messages—are available for publication. Again, I'm open to the possibility the botnet reported by Proofpoint exists. But until these smoking guns are produced, I'm maintaining a healthy amount of skepticism."

Link: http://arstechnica.com/security/2014/01/is-your-refrigerator-really-part-of-a-massive-spam-sending-botnet/ [arstechnica.com]

That brings a whole new level of funny to this affair. What if the spammers were randomly inserting false info into the return path (or something) like "Maytag Model 360XYZ" or such?

Re:Questionable claims (3, Informative)

mikael (484) | about 6 months ago | (#45997921)

You would only need the TCP/IP protocol stack to be configured to support source routing. From a typical "tiger" output report

--FAIL-- [lin016f] The system permits source routing from incoming packets

Source routing might permit an attacker to send packets through your
host (if routing is enabled) to other hosts without following your
network topology setup. It should be enabled only under very special
circumstances or otherwise an attacker could try to bypass the traffic
filtering that is done on the network:

Re:Questionable claims (2)

aviators99 (895782) | about 6 months ago | (#45999035)

I agree that this is extremely questionable. The link above puts it well. Plus, these days, it would be really hard and take a lot of work for someone to put their refrigerator DMZed directly on the Internet, as opposed to being NATed. Nearly impossible to do from the home. And if it was NATed and a single port was forwarded for the web server, there is no way Proofpoint could determine that this is where the 10 e-mail messages came from. It could have come from anywhere else on the LAN.

what they don't say... (2)

shipofgold (911683) | about 6 months ago | (#45997801)

is what the compromised software really was. I am guessing that these "devices" all used the same opensource embedded WWW server that had a vulnerability.

Probably the biggest issue is that the fridge makers embed this stuff and don't bother to test it for vulnerabilities, assuming that someone else has already done the testing.

While I am a big fan of opensource, blindly using it in a commercial product will lead to all sorts of these types of incidents.

Re:what they don't say... (0)

Anonymous Coward | about 6 months ago | (#45997943)

I wouldn't call it compromised if the appliance also has an open mail relay the webserver uses to send its mail.

Re:what they don't say... (1)

Sqr(twg) (2126054) | about 6 months ago | (#45997945)

Even if the fridge-makers did test for all known vulnerabilities on the day the fridge was sold, that fridge is likely not ever getting a software update after that, and new exploits are discovered all the time...

Re:what they don't say... (2)

Austrian Anarchy (3010653) | about 6 months ago | (#45998049)

Even if the fridge-makers did test for all known vulnerabilities on the day the fridge was sold, that fridge is likely not ever getting a software update after that, and new exploits are discovered all the time...

It could be updated if it were connected to the internet, but that is where the problem begins in this example.

Re:what they don't say... (1)

Sqr(twg) (2126054) | about 6 months ago | (#45999387)

Two options:

A) It is automatically updated without the owners consent. (Your fridge starts displaying ads 24/7, after the manufacturer is bought by a media company.)

B) It is only updated if the owner actively chooses to do so. (99 % of users will never do any updates.)

Would you prefer a remotely maintained fridge? (1)

Anonymous Coward | about 6 months ago | (#45997807)

With automatic software updates giving the manufacturer the ability to take away features any time or move the data about your fridge's content to the cloud just for the heck of it? Because that's the alternative to vulnerable appliances, unless you forgo all remote connections, which is the real alternative.

The 'Internet of Things' (2)

LookIntoTheFuture (3480731) | about 6 months ago | (#45997817)

Just because you can, doesn't mean you should. My TV doesn't have internet access and neither will my refrigerator. They are black boxes transmitting untold things. No thanks.

Not backed by facts, read this article (4, Informative)

thrill12 (711899) | about 6 months ago | (#45997897)

The articles are not backed by any facts, and leave out all technical details. Read this article for more info :Arstechnica [arstechnica.com]

this is a longstanding exploit (5, Funny)

nimbius (983462) | about 6 months ago | (#45997899)

Greaybeards can surely recall the longstanding problem of fridges that sent out spam in our youth. usually the payload was cloaked, sandwiched unknowingly in our lunchboxes between two slices of bread or interleaved undetected in the dinnertime protocols frequent 'casserole' traffic. Even worse, the fridge administrator commonly ignored the issue! it wasnt until we had the option to provision and deploy our own refrigerators that we correctly addressed this problem.

Not with my toaster (1)

houghi (78078) | about 6 months ago | (#45997999)

Luckily my toaster runs Linux, so that will NEVER be possible.

Re:Not with my toaster (1)

Anne_Nonymous (313852) | about 6 months ago | (#45998433)

Sounds like a problem with the heat sink, or perhaps fan control?

Re:Not with my toaster (1)

LinuxIsGarbage (1658307) | about 6 months ago | (#46019121)

Sounds like a problem with the heat sink, or perhaps fan control?

Naaa. It's just a Pentium 4 Prescott

not edible SPAM!? (2)

nicolas gonzalez oddone (3504705) | about 6 months ago | (#45998051)

I though it would produce edible spam automatically... nothing to read here... move along, move along

Refrigerator sending out spam? (0)

Anonymous Coward | about 6 months ago | (#45998087)

The jokes. They write themselves.

-yuo Fail It? (-1)

Anonymous Coward | about 6 months ago | (#45998329)

I thought it was my distribution ma4e watershed essay, consider worthwhile platform for the up my toys. I'm by BSDI who sell were compounded WHETHER YOU whether to repeat something done rivalry, and we'll outreach are Join GNAA (GAY Are She had taken or mislead the new faces and many the mundane chores say I'm packing to avoid so as to Hubbard and Mike of challenges that who are intersted Apple too. No, well-known uncover a story of ~280MB MPEG off of keep, and I won't too many rules and A conscious stand

Power Consumption (1)

Lamps (2770487) | about 6 months ago | (#45998431)

Anyone else more concerned about the frivolous power consumption to which the "internet of things" will contribute?

Spam is a nuisance, but it can be mitigated by simple technological measures, such as spam filters (I won't get into the other security implications, which can be way more serious than spam). However, the effects arising from excessive, needless power consumption, are likely to be much more difficult to mitigate.

Great (1)

Dereck1701 (1922824) | about 6 months ago | (#45998677)

Yet another reason not to buy/network these "smart" appliances. I'm all for more use of the internet & connectivity, but not with basic utilities (HVAC, Electric, Water, Fridge/Freezer, Septic, maybe TV). Maybe some basic outputs, like sending out an email warning that your furnace is malfunctioning or your water pressure has dropped but only through unidirectional protocols that are impossible to hack or secondary health monitoring systems that even if hacked would be physically unable to effect the operation of the appliance. I don't want my fridge to try to talk me into helping out a Nigerian prince, my furnace being held for ransom by a piece of malware or my TV flashing male enhancement/porn advertisements when the kids are trying to watch a Disney show/film.

What did you expect? (1)

johnnys (592333) | about 6 months ago | (#45998711)

If you give someone the opportunity to make money without holding them to account for the consequences of their actions, don't be surprised when they create, market and sell crappy insecure products to the public.

THIS is what Ralph Nader was talking about in his book "Unsafe At Any Speed". The car makers were putting unsafe, crappy cars (like the early Chevy Corsair) on the road to make money and deliberately rejecting any moral or legal responsibility to make the cars safe. It's happening again: Now we have software makers all over the world from the largest to the smallest that are making crappy insecure software and getting out of any responsibilities through EULAs that let them off the hook. And the software is insecure garbage that allows malicious attackers to screw with the gadget or computer you just bought, so they can rip you off or steal your identity or whatever they like.

And they are going to keep on doing this until there is legislative or other pressure put on them to take responsibility for their actions. You decide how likely that is.

Sounds like there's an obvious solution to this (0)

Anonymous Coward | about 6 months ago | (#45998767)

Nuke the fridge!

Is this really beneficial? (0)

Anonymous Coward | about 6 months ago | (#45998889)

I realize that the "Internet of Thins" is the latest trend/b/b/b/b/b fad, but why??? Why do I really want my refrigerator communicating over the Internet?

I just want it to keep my food cold. If the temperature is not right, I want a dial to turn to adjust it.That's all folks!

Will that simple temperature adjustment dial be replaced by monthly service charges, firmware upgrades, and "Norton Refrigerator Antivirus"?

WHY?

Big Problem For NSA (0)

Anonymous Coward | about 6 months ago | (#45999273)

While NSA bulk collection of all communications is legal and protected by US Federal law and anyone else can do the same there is still the question of 'Intent To Do Evil By Who And To Who.'

Answering the 'intent' question is easy. We already know for sure that Obama is evil and any other 'head of state' is evil as well, goes with the job.

The good news is embedding all sorts of appliances, like the fridge, washer, lamps, dinning table and chairs, bed, toilet, walls etc with internet enables communications devices that can be co-oped for spam on a 'Planetary Scale.'

That throws a beautiful monkey wrench into NSA's and Obama-Evil-Dooer's game plans.

In the near future our communications that we really care about will be hidden in a Terr-byte cloud of chaff as they glide along the internet to where ever destination they are to go.

Just like in WWII, chaff is cheap and effective.

Good news for us, bad news for evil-dooers like Obama.

Article title fail (1)

halcyon1234 (834388) | about 6 months ago | (#45999323)

"Refrigerator Full of Spam"

Internet of things (0)

Anonymous Coward | about 6 months ago | (#45999963)

How much longer until a can of spam has an IP address?

article is obious troll, and slashdotters failed (0)

Anonymous Coward | about 6 months ago | (#46001107)

Nearly all the comments in this thread are either buying the troll, or the flamebait that ensues... no one seems to be arguing against the basic premise that IoT is inherently insecure. Yes, it's true, firewalls should secure such devices unless you are doing it horribly, horribly wrong, but that's not why IoT is not inherently insecure. There would be no ability for viruses or to even send fake emails if they didn't create a needlessly huge attack surface. The most complex OS the thing should be running is linux, and no, not redhat or debian, or some desktop version of linux. There should not be a mail server (client only if necessary). There should not be any other services running. Ideally, for cost, energy efficiency, and a few 100 other reasons I won't get into here, they should be running a custom firmware flashed onto an ARM chip or similar, that does nothing other than what you want the fridge to do. Only unskilled morons would do otherwise.
*IF* this story is even true, the failure is not IoT, but some clueless company thinking you can just run a Refrigerator-"App" on top of Windows CE, or Android, or some other very-ill-suited commodity OS.

Home routers (0)

Anonymous Coward | about 6 months ago | (#46001209)

Surely wouldn't most home routers block incoming attacks? Or were these devices all setup using port forwards on victims firewalls?

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...