I have been playing VikingMUD for more than a decade. I have been 'backdoor/hacking' it when I was using telnet to connect?
I have been audit in IT/IT Audit/IT Security for quite a while. Having ability to telnet in is not a crime. We got firewalls for stuff like that. Even if it is not documented in whatever paperwork have been provided, it takes 5 seconds on a scan to pick this up. There also a bunch of IDS/IPS out there that would spot and kill such a connection attempt in a millisecond.
Also, telnet is unencrypted. Who attacks something when everything is readable? It beats the purpose.
This story has so many holes that a junior net-admin could prevent in their first week. I will assume that Vodafone has 'an army' of highly skilled network and security administrators that have "block telnet" in the first page of their checklists.
I am not taking sides. I am just thinking of ways I have reacted in the past when I found on firewall logs blocked connect attempts.
I also think Bloomberg should stick to what they do best, money. Let the IT Sec to far more qualified outlets. Or if they really want to do this right, and not just aim for clickbaits, get a team of experts to go through their material before they post.
I don't think you have an idea of how a telco works.
There isn't some giant firewall that every request goes through so you can say "block port 21" and your problem is fixed. Most of the equipment is talking directly to each other on many different private networks some of which may be managed by third parties. And as companies shift towards virtualised, container based architectures it can become harder as there is more complexity as companies transition.
And not sure if you've worked at a large company before but the idea that they have this army of highly skilled people who just make sure everything works perfectly isn't what happens.
Actually I have, most of my employers and clients the past few decades have 80k++ employees. I understand that there are PLENTY of interfaces on a company on the size of Vodafone (let's call them that) that have live access to networks, infrastructure, and what have you (e.g. Huawei, Nokia, Ericsson to name the big whales) and myriad other smaller ones monitoring, fixing, live, a million moving parts.
The responsibility and accountability remains though. I do not accept the 'we are big and busy so we drop the ball'.
I have been audit in IT/IT Audit/IT Security for quite a while. Having ability to telnet in is not a crime. We got firewalls for stuff like that. Even if it is not documented in whatever paperwork have been provided, it takes 5 seconds on a scan to pick this up. There also a bunch of IDS/IPS out there that would spot and kill such a connection attempt in a millisecond.
Also, telnet is unencrypted. Who attacks something when everything is readable? It beats the purpose.
This story has so many holes that a junior net-admin could prevent in their first week. I will assume that Vodafone has 'an army' of highly skilled network and security administrators that have "block telnet" in the first page of their checklists.
I am not taking sides. I am just thinking of ways I have reacted in the past when I found on firewall logs blocked connect attempts.
I also think Bloomberg should stick to what they do best, money. Let the IT Sec to far more qualified outlets. Or if they really want to do this right, and not just aim for clickbaits, get a team of experts to go through their material before they post.