Hello, welcome to the Friday, September 30th, 2016 edition of the Sandcent Storm Center's

Stormcast. My name is Johannes Ulrich, and the time recording from Jacksonville, Florida.

Sometimes it's the little things that really, you know, can cause big problems in a case that

Xavier is describing in his diary, it was SNMP, the simple network

management protocol. It's often overlooked and not configured, meaning that devices are set up

with default community strings that not only allow monitoring of the devices

and reading of values, but in many cases also changing the configuration.

We have already reported in the past about internet-wide scans that sort of use this in denial

of service attacks, but in Xavier case, it was actually

UPS's uninterruptible power supplies that were not configured, meaning just the default private

community string could be used to override configurations, including shutting down power on the UPS.

Usually all you need to find these issues is a regular, simple, automated vulnerability scan.

It doesn't really require a ton of skill equipment or money to do that.

But then again, even after the scan, of course,

you still have to go in and fix the issue.

And proving that any website can be used

as a command control channel if you do allow users to edit it,

Yahoo Answers has now been added to the list of websites used as a potential command

control channel. Palo Alto reports that they spotted a bot that used Yahoo Answers.

One little twist here, instead of just posting random characters, each byte value is actually translated into an English word.

So while the posting is still somewhat gibberish, it is at least English words and

doesn't really stick out as artificial as much as some of the other bot command and control channels. So pretty tricky and of course hard to block on the network level.

...