Hacker News new | ask | show | jobs
by mrweasel 977 days ago
Yes, but currently that has zero consequences. Say you infect 500.000 Windows XP machines or consumer routers, the owners of those devices isn't going to be informed, nor is their ISPs. In many cases the manufacturer of those devices also aren't going to provide security update, but those probably wasn't going to be applied anyway.
3 comments
jrockway 977 days ago
Are you positive that "tell nobody" is the mitigation strategy that Google used here? They could have easily asked router vendors to patch their devices, asked ISPs to blackhole those customers until they're patched, etc.
link
soperj 977 days ago
Patch what though? They know that they're getting hit with unprecedented traffic, not how those computers were infected.
link
menscher 977 days ago
It's mostly not infected computers, but rather poorly configured proxies that are open for anyone to bounce malicious traffic through. Convincing everyone to clean up their open proxies is a long-term, hard problem. But I plan to tackle it soon....
link
superjan 977 days ago
How? I suppose the most effective way is to have those proxies attack each other. But don’t, it’s likely illegal.
link
menscher 977 days ago
Get a few companies to agree that open proxies are a scourge that needs to be stopped. They each apply some action to open proxies (user-facing messaging, loss of functionality, captcha, or complete block), and the users of those proxies will get the problem fixed.

The hard part (and it truly is hard!) is convincing a few companies to do this. It risks user complaints in the short term, to solve a problem that may not be very acute for the largest companies (who can simply absorb these attacks).

link
superjan 971 days ago
How about downgrading all connections from said proxies to http 1.1? This can be done in coordination, but it ought not to be too hard to embed such ‘graylisting’ functionality in a webserver.

(No I don’t expect any response but I am just leaving this thought for those who stumble on this thread in the future).

link
soperj 977 days ago
the most efficient way would be to write a script that gains root on those open proxies and then fixes the issue.
link
wsintra2022 977 days ago
Effective or efficient? Would seem rather inefficient to spend time researching all the possible ways to gain route on x number of servers, finding an exploit, crafting some plan to execute it, keeping your prints clean etc etc
link
ExoticPearTree 977 days ago
So you're saying Google and Cloudflare, just as an example, should block consumers of other ISPs because they run "unpatched" software or they have malware running on their devices? Lol, this is a very absurd and narrow minded view how the internet works. You deal with the traffic, you don't randomly block eyeball networks because they're attacking you.
link
c0pium 977 days ago
> you don't randomly block eyeball networks because they're attacking you.

ISPs do this literally all the time. They sell services that do this.

link
mensetmanusman 977 days ago
Google should start using their ad network to silently update people’s security!
link
qup 977 days ago
Uh, no thanks from this user.

Also, sounds illegal.

link
lazide 977 days ago
Definitely illegal in the US.
link
KomoD 977 days ago
> the owners of those devices isn't going to be informed, nor is their ISPs

not necessarily true

link
WelcomeShorty 977 days ago
But these ISPs that give something and inform and even isolate their infected customers are few and far between.

Shout out to Dutch ISP XS4ALL who was (is?) very very strict and active in this space.

link