{"id":81902,"date":"2016-11-10T20:15:15","date_gmt":"2016-11-11T01:15:15","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-07-16T17:02:05","modified_gmt":"2021-07-16T21:02:05","slug":"bad-passwords-crippled-the-web","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/bad-passwords-crippled-the-web\/","title":{"rendered":"Bad Passwords Crippled the Web"},"content":{"rendered":"<p><a href=\"https:\/\/web.archive.org\/web\/20170804065529\/http:\/\/www.ebuyer.com:80\/blog\/2015\/06\/ddos-attacks-explained\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-96911\" title=\"Bad Passwords Crippled the Web\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ddos-attack-e1562374616805-150x144.png?resize=131%2C126&#038;ssl=1\" alt=\"Bad Passwords Crippled the Web\" width=\"131\" height=\"126\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ddos-attack-e1562374616805.png?resize=150%2C144&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ddos-attack-e1562374616805.png?resize=75%2C72&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ddos-attack-e1562374616805.png?resize=768%2C736&amp;ssl=1 768w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/ddos-attack-e1562374616805.png?w=978&amp;ssl=1 978w\" sizes=\"auto, (max-width: 131px) 100vw, 131px\" \/><\/a>Followers of the <em><a href=\"https:\/\/rbach.net\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a><\/em> know that <a href=\"https:\/\/wp.me\/p2wgaW-kzJ\" target=\"_blank\" rel=\"noopener noreferrer\">passwords<\/a> <a href=\"https:\/\/wp.me\/p2wgaW-kTC\" target=\"_blank\" rel=\"noopener noreferrer\">suck<\/a> <a href=\"https:\/\/wp.me\/p2wgaW-kTC\" target=\"_blank\" rel=\"noopener noreferrer\">a<\/a>nd now <strong>default passwords really suck<\/strong>. 
In fact, default passwords seem to be a key part of the <a href=\"https:\/\/heavy.com\/tech\/2016\/10\/mirai-iot-botnet-internet-of-things-ddos-attacks-internet-outage-blackout-why-is-internet-down\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>massive DDoS attack<\/strong><\/a> <strong>that\u00a0disabled<\/strong> large parts of the Internet on October 21, 2016. The cyberattack targeted <a title=\"Internet traffic\" href=\"http:\/\/en.wikipedia.org\/wiki\/Internet_traffic\" target=\"_blank\" rel=\"nofollow noopener wikipedia noreferrer\">Internet traffic<\/a> company Dyn. <a href=\"https:\/\/dyn.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dyn<\/a> provides <strong><a href=\"https:\/\/en.wikipedia.org\/wiki\/DNS_hosting_service\" target=\"_blank\" rel=\"noopener noreferrer\">DNS services<\/a><\/strong> for many high-profile sites. Some of the sites affected by the attack on <strong>Dyn<\/strong> included: <strong><a title=\"Amazon\" href=\"http:\/\/www.amazon.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon<\/a><\/strong> (<a title=\"NASDAQ : AMZN\" href=\"https:\/\/www.tradingview.com\/symbols\/NASDAQ-AMZN\/\" target=\"_blank\" rel=\"noopener noreferrer\">AMZN<\/a>), <strong><a href=\"http:\/\/www.businessinsider.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Business Insider<\/a><\/strong>, <strong><a href=\"http:\/\/www.nytimes.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">New York Times<\/a><\/strong>, <strong><a href=\"https:\/\/www.reddit.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Reddit<\/a>,<\/strong> and <strong><a title=\"Twitter\" href=\"https:\/\/twitter.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a><\/strong> (<a title=\"NYSE : TWTR\" href=\"https:\/\/www.tradingview.com\/symbols\/NYSE-TWTR\/\" target=\"_blank\" rel=\"noopener noreferrer\">TWTR<\/a>).<\/p>\n<p><a 
href=\"https:\/\/web.archive.org\/web\/20210417223759\/https:\/\/www.mymac.com\/2016\/04\/giant-ddos-attack-hangzhou-technology-xiongmai-recalls-webcam-maj\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-96915 \" title=\"Chinese electronics company Hangzhou Xiongmai webcams\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chinawebcam-e1562374692192-150x148.png?resize=107%2C106&#038;ssl=1\" alt=\"\" width=\"107\" height=\"106\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chinawebcam-e1562374692192.png?resize=150%2C148&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chinawebcam-e1562374692192.png?resize=75%2C75&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/chinawebcam-e1562374692192.png?w=276&amp;ssl=1 276w\" sizes=\"auto, (max-width: 107px) 100vw, 107px\" \/><\/a>Security researcher <strong><a title=\"Brian Krebs\" href=\"https:\/\/krebsonsecurity.com\" target=\"_blank\" rel=\"homepage nofollow noopener noreferrer\">Brian Krebs<\/a><\/strong>, whose site, krebsonsecurity.com, was one of the first sites hit by a <strong>massive 620 GB\/s <a title=\"Denial-of-service attack\" href=\"https:\/\/www.infosecurity-magazine.com\/news\/krebs-website-hit-by-620-gbps-ddos\/\" target=\"_blank\" rel=\"nofollow noopener wikipedia noreferrer\">DDoS attack<\/a><\/strong>, has reported the <strong>Mirai botnet<\/strong> was at the center of the attack on his site. 
<a href=\"http:\/\/www.cio.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>CIO.com<\/em><\/a> <a href=\"https:\/\/web.archive.org\/web\/20170601125315\/http:\/\/www.cio.com:80\/article\/3136270\/security\/the-secret-behind-the-success-of-mirai-iot-botnets.html\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a>\u00a0\u2018Mirai\u2019 can break into a wide range of <strong><a title=\"Internet of things\" href=\"http:\/\/en.wikipedia.org\/wiki\/Internet_of_things\" target=\"_blank\" rel=\"nofollow noopener wikipedia noreferrer\">Internet of Things<\/a><\/strong> (IoT) devices, from <strong>CCTV cameras<\/strong> to <strong>DVRs<\/strong> to home <strong>networking equipment<\/strong>, turning them into \u2018<b>bots<\/b>\u2019. <em>CIO<\/em> reports a single <strong>Chinese vendor<\/strong>, <a href=\"http:\/\/www.xiongmaitech.com\/en\/\" target=\"_blank\" rel=\"noopener noreferrer\">Hangzhou Xiongmai Technology<\/a>, made many of the devices used in the Mirai attacks.<\/p>\n<p><a title=\"Level 3 Communications\" href=\"https:\/\/www.denverpost.com\/2017\/11\/01\/level-3-communications-centurylink\/\" target=\"_blank\" rel=\"homepage nofollow noopener noreferrer\">Level 3 Communications<\/a> says there are nearly half a million Mirai-powered bots worldwide. To amass an IoT botnet, a Mirai bot herder scans a broad range of IP addresses, trying to log in to devices using a list of <strong>default usernames and passwords<\/strong> that are baked into the Mirai code, according to <strong><a title=\"US-CERT\" href=\"http:\/\/www.us-cert.gov\" target=\"_blank\" rel=\"homepage nofollow noopener noreferrer\">US-CERT<\/a><\/strong>. The Mirai zombie devices are largely security cameras, DVRs, and home routers. Mr. 
Krebs <a href=\"https:\/\/krebsonsecurity.com\/2016\/10\/who-makes-the-iot-things-under-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">identified<\/a> some of the specific devices.<\/p>\n<h2 id=\"tablepress-45-name\" class=\"tablepress-table-name tablepress-table-name-id-45\">Mirai Passwords<\/h2>\n\n<table id=\"tablepress-45\" class=\"tablepress tablepress-id-45\" aria-labelledby=\"tablepress-45-name\">\n<thead>\n<tr class=\"row-1\">\n\t<th class=\"column-1\">Username<\/th><th class=\"column-2\">Password<\/th><th class=\"column-3\">Function<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"row-striping row-hover\">\n<tr class=\"row-2\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">123456<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-3\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">123456<\/td><td class=\"column-3\">ACTi IP camera<\/td>\n<\/tr>\n<tr class=\"row-4\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">password<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-5\">\n\t<td class=\"column-1\">admin1<\/td><td class=\"column-2\">password<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-6\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">password<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-7\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">12345<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-8\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">12345<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-9\">\n\t<td class=\"column-1\">guest<\/td><td class=\"column-2\">12345<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-10\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">1234<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-11\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">1234<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-12\">\n\t<td 
class=\"column-1\">administrator<\/td><td class=\"column-2\">1234<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-13\">\n\t<td class=\"column-1\">888888<\/td><td class=\"column-2\">888888<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-14\">\n\t<td class=\"column-1\">666666<\/td><td class=\"column-2\">666666<\/td><td class=\"column-3\">Dahua IP camera<\/td>\n<\/tr>\n<tr class=\"row-15\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">(none)<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-16\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">1111<\/td><td class=\"column-3\">Xerox printers, etc.<\/td>\n<\/tr>\n<tr class=\"row-17\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">1111111<\/td><td class=\"column-3\">Samsung IP camera<\/td>\n<\/tr>\n<tr class=\"row-18\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">54321<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-19\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">7ujMko0admin<\/td><td class=\"column-3\">Dahua IP camera<\/td>\n<\/tr>\n<tr class=\"row-20\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">admin<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-21\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">admin1234<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-22\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">meinsm<\/td><td class=\"column-3\">Mobotix network camera<\/td>\n<\/tr>\n<tr class=\"row-23\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">pass<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-24\">\n\t<td class=\"column-1\">admin<\/td><td class=\"column-2\">smcadmin<\/td><td class=\"column-3\">SMC router<\/td>\n<\/tr>\n<tr class=\"row-25\">\n\t<td class=\"column-1\">Administrator<\/td><td class=\"column-2\">admin<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-26\">\n\t<td 
class=\"column-1\">guest<\/td><td class=\"column-2\">guest<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-27\">\n\t<td class=\"column-1\">mother<\/td><td class=\"column-2\">fucker<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-28\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">(none)<\/td><td class=\"column-3\">Viviotek IP camera<\/td>\n<\/tr>\n<tr class=\"row-29\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">00000000<\/td><td class=\"column-3\">Panasonic printers<\/td>\n<\/tr>\n<tr class=\"row-30\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">1111<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-31\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">54321<\/td><td class=\"column-3\">Packet8 VoIP phone<\/td>\n<\/tr>\n<tr class=\"row-32\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">666666<\/td><td class=\"column-3\">Dahua DVR<\/td>\n<\/tr>\n<tr class=\"row-33\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">7ujMko0admin<\/td><td class=\"column-3\">Dahua IP camera<\/td>\n<\/tr>\n<tr class=\"row-34\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">7ujMko0vizxv<\/td><td class=\"column-3\">Dahua IP camera<\/td>\n<\/tr>\n<tr class=\"row-35\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">888888<\/td><td class=\"column-3\">Dahua DVR<\/td>\n<\/tr>\n<tr class=\"row-36\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">admin<\/td><td class=\"column-3\">IPX-DDK network camera<\/td>\n<\/tr>\n<tr class=\"row-37\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">anko<\/td><td class=\"column-3\">Anko Products DVR<\/td>\n<\/tr>\n<tr class=\"row-38\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">default<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-39\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">dreambox<\/td><td class=\"column-3\">Dreambox TV receiver<\/td>\n<\/tr>\n<tr 
class=\"row-40\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">hi3518<\/td><td class=\"column-3\">HiSilicon IP Camera<\/td>\n<\/tr>\n<tr class=\"row-41\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">ikwb<\/td><td class=\"column-3\">Toshiba network camera<\/td>\n<\/tr>\n<tr class=\"row-42\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">juantech<\/td><td class=\"column-3\">Guangzhou Juan Optical<\/td>\n<\/tr>\n<tr class=\"row-43\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">jvbzd<\/td><td class=\"column-3\">HiSilicon IP Camera<\/td>\n<\/tr>\n<tr class=\"row-44\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">klv123<\/td><td class=\"column-3\">HiSilicon IP Camera<\/td>\n<\/tr>\n<tr class=\"row-45\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">klv1234<\/td><td class=\"column-3\">HiSilicon IP Camera<\/td>\n<\/tr>\n<tr class=\"row-46\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">pass<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-47\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">realtek<\/td><td class=\"column-3\">Realtek router<\/td>\n<\/tr>\n<tr class=\"row-48\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">root<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-49\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">system<\/td><td class=\"column-3\">IQinVision camera, etc.<\/td>\n<\/tr>\n<tr class=\"row-50\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">user<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-51\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">vizxv<\/td><td class=\"column-3\">Dahua camera<\/td>\n<\/tr>\n<tr class=\"row-52\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">xc3511<\/td><td class=\"column-3\">H.264 - Chinese DVR<\/td>\n<\/tr>\n<tr class=\"row-53\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">xmhdipc<\/td><td 
class=\"column-3\">Shenzhen Anran security camera<\/td>\n<\/tr>\n<tr class=\"row-54\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">zlxx.<\/td><td class=\"column-3\">EV ZLX two way speaker<\/td>\n<\/tr>\n<tr class=\"row-55\">\n\t<td class=\"column-1\">root<\/td><td class=\"column-2\">Zte521<\/td><td class=\"column-3\">ZTE router<\/td>\n<\/tr>\n<tr class=\"row-56\">\n\t<td class=\"column-1\">service<\/td><td class=\"column-2\">service<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-57\">\n\t<td class=\"column-1\">supervisor<\/td><td class=\"column-2\">supervisor<\/td><td class=\"column-3\">VideoIQ<\/td>\n<\/tr>\n<tr class=\"row-58\">\n\t<td class=\"column-1\">support<\/td><td class=\"column-2\">support<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-59\">\n\t<td class=\"column-1\">tech<\/td><td class=\"column-2\">tech<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<tr class=\"row-60\">\n\t<td class=\"column-1\">ubnt<\/td><td class=\"column-2\">ubnt<\/td><td class=\"column-3\">Ubiquiti AirOS Router<\/td>\n<\/tr>\n<tr class=\"row-61\">\n\t<td class=\"column-1\">user<\/td><td class=\"column-2\">user<\/td><td class=\"column-3\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<!-- #tablepress-45 from cache -->\n<p>US-CERT says the purported author of Mirai claims to have 380,000 IoT devices under its control. 
Some estimate the <strong>botnet<\/strong> has generated <strong>DDoS attacks greater than 1 Tbps<\/strong>.<\/p>\n<p><a href=\"https:\/\/www.calyptix.com\/top-threats\/ddos-attacks-trends-show-stronger-threat-in-2015\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-96918 \" title=\"DDOS attack\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/DDOS-Attack.jpg?resize=105%2C105&#038;ssl=1\" alt=\"DDOS attack\" width=\"105\" height=\"105\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/DDOS-Attack.jpg?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/DDOS-Attack.jpg?resize=75%2C75&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/DDOS-Attack.jpg?w=300&amp;ssl=1 300w\" sizes=\"auto, (max-width: 105px) 100vw, 105px\" \/><\/a>When Mirai botnets are called upon to carry out DDoS attacks, they can draw on a range of tools including ACK, <a href=\"https:\/\/www.incapsula.com\/ddos\/attack-glossary\/dns-flood.html\" target=\"_blank\" rel=\"noopener noreferrer\">DNS<\/a>, <a href=\"https:\/\/www.securityweek.com\/150000-iot-devices-abused-massive-ddos-attacks-ovh\" target=\"_blank\" rel=\"noopener noreferrer\">GRE<\/a>, <a href=\"https:\/\/www.incapsula.com\/ddos\/attack-glossary\/syn-flood.html\" target=\"_blank\" rel=\"noopener noreferrer\">SYN<\/a>, <a href=\"https:\/\/www.incapsula.com\/ddos\/attack-glossary\/udp-flood.html\" target=\"_blank\" rel=\"noopener noreferrer\">UDP<\/a> and Simple Text Oriented Message Protocol (STOMP) floods, <a href=\"https:\/\/web.archive.org\/web\/20181021221254\/https:\/\/www.networkworld.com\/article\/3136314\/security\/the-secret-behind-the-success-of-mirai-iot-botnets.html\" target=\"_blank\" rel=\"noopener noreferrer\">says<\/a> Josh Shaul, vice president of web security for Akamai.<\/p>\n<p><strong><em>rb-<\/em><\/strong><\/p>\n<p><em>Followers of <a 
href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> already know that many of the default passwords used by Mirai are <a href=\"https:\/\/wp.me\/p2wgaW-kzJ\" target=\"_blank\" rel=\"noopener noreferrer\">among the worst<\/a> and should have been changed already. They include:<\/em><\/p>\n<ul>\n<li><em>Password<\/em><\/li>\n<li><em>123456<\/em><\/li>\n<li><em>12345<\/em><\/li>\n<li><em>1234<\/em><\/li>\n<\/ul>\n<p><em>While reports say equipment from Chinese vendor <a href=\"http:\/\/www.xiongmaitech.com\/en\/\" target=\"_blank\" rel=\"noopener noreferrer\">XiongMai Technologies<\/a> was widely exploited, other notable tech firms are included. The Mirai zombie army includes equipment from <strong><a title=\"Xerox\" href=\"http:\/\/www.xerox.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Xerox<\/a><\/strong> (<a title=\"NYSE | XRX\" href=\"https:\/\/www.tradingview.com\/symbols\/NASDAQ-XRX\/\" target=\"_blank\" rel=\"noopener noreferrer\">XRX<\/a>), <strong><a href=\"https:\/\/web.archive.org\/web\/20160318064944\/http:\/\/us.toshiba.com:80\/computers\/laptops\" target=\"_blank\" rel=\"noopener noreferrer\">Toshiba<\/a><\/strong> (<a href=\"https:\/\/www.bbc.co.uk\/news\/business-66874016\" target=\"_blank\" rel=\"noopener noreferrer\">TOSBF<\/a>), <strong><a title=\"Samsung Electronics Co.\" href=\"http:\/\/www.samsung.com\/us\/\" target=\"_blank\" rel=\"noopener noreferrer\">Samsung<\/a> <\/strong>(<a title=\"KS : 005930\" href=\"http:\/\/www.bloomberg.com\/quote\/005930:KS\" target=\"_blank\" rel=\"noopener noreferrer\">005930<\/a>), <strong><a href=\"https:\/\/www.panasonic.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Panasonic<\/a><\/strong> (<a href=\"https:\/\/www.google.com\/finance?q=TYO:6752\" target=\"_blank\" rel=\"noopener noreferrer\">6752<\/a>), and <strong><a title=\"ZTE\" href=\"http:\/\/www.zte.com.cn\/\" target=\"_blank\" rel=\"noopener noreferrer\">ZTE<\/a><\/strong> (<a title=\"763:Hong Kong\" 
href=\"https:\/\/www.google.com\/finance?q=SHE:000063\" target=\"_blank\" rel=\"noopener noreferrer\">763<\/a>).<\/em><\/p>\n<p><em> I wrote about security cameras being compromised as part of botnets back in July <a href=\"https:\/\/wp.me\/p2wgaW-kYr\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/em><\/p>\n<p>&nbsp;<\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/www.helpnetsecurity.com\/2016\/10\/26\/terabit-scale-ddos-events\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Terabit-scale DDoS events are on the horizon<\/a> (helpnetsecurity.com)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. 
Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recent Mirai botnet attack took down Amazon, New York Times, Twitter, and others by baking bad passwords into its code<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[2686,58,761,1573,35,948,1748,768,1901,2808,2807,2812,2541,964,393,4,1726,60,2011,828,2809,1520],"class_list":["post-81902","post","type-post","status-publish","format-standard","hentry","category-security","tag-2686","tag-botnet","tag-brian-krebs","tag-business-insider","tag-china","tag-cyber-attack","tag-ddos","tag-denial-of-service-attack","tag-dns","tag-dyn","tag-mirai","tag-new-york-times","tag-passwords","tag-reddit","tag-samsung","tag-security","tag-toshiba","tag-twitter","tag-twtr","tag-xerox","tag-xiongmai-technologies","tag-zte"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/81902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=81902"}],"version-history":[{"count":22,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/81902\/revisions"}],"predecessor-version":[{"id":131234,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/81902\/revisions\/131234"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=81902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-
json\/wp\/v2\/categories?post=81902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=81902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}