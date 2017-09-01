Nearly 3,000 Bitcoin Miners Exposed Online Via Telnet Ports, Without Passwords (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: Dutch security researcher Victor Gevers has discovered 2,893 Bitcoin miners left exposed on the internet with no passwords on their Telnet port. Gevers told Bleeping Computer in a private conversation that all miners process Bitcoin transactions in the same mining pool and appear to belong to the same organization. "The owner of these devices is most likely a state sponsored/controlled organization part of the Chinese government," Gevers says, basing his claims on information found on the exposed miners and IP addresses assigned to each device. "At the speed they were taken offline, it means there must be serious money involved," Gevers added. "A few miners is not a big deal, but 2,893 [miners] working in a pool can generate a pretty sum." According to a Twitter user, the entire network of 2,893 miners Gevers discovered could generate an income of just over $1 million per day, if mining Litecoin.
I use telnet extensively in my internal network.
Dead simple interface, capable of moving complex data as JSON or MIME64 strings.
Bad networkBoy! Bad!
Even on a local network, rsh and friends aren't quite as pants-around-your-ankles as telnet is; but there's really no excuse for having an Internet-facing machine running telnet in this day and age. ssh exists for a reason, and even that has issues, as we've seen. If you're gonna run old-coot UUCP-era technology, you're gonna get pwned.
Just because the password can be overheard doesn't mean there shouldn't be one.
