Wednesday, April 27, 2011

Insecure Defaults Lead to Mass Open Proxies in China

Via Infosecinstitute Resources -

Description: A bug in Chinese video streaming software leads to mass open proxies on the web.

Introduction
A security blogger has uncoverd a flaw in the Chinese PPLive video streaming software. A new port, TCP port 9415, was appearing regularly on websites that list open proxies. Most of these open proxies were based in China. However, some were also based within Taiwan, Hong Kong and there were small a small number within the United States. Within a year, more than 394,000 instances of open proxies listed with the TCP port 9415 being open were documented.

There was reason to suspect some kind of malware at play. English speaking websites offered little information, Hinky Dink, the blogger who uncoverd the open proxy port, started searching Chinese speaking websites such as Baidu with the help of translation software.

We will look at how the flaw was found, what proxies are and how they are used on the internet today.

No comments:

Post a Comment