Date: Wed Mar 29 16:58:16 2006
From: octetstream at gmail.com (Octal)
Subject: Hello everyone

> > After just a few hours of scanning (I have to start somewhere) I have
> > located quite a few routers that have their manufacturers password still
> > set not to mention loads of Windows machines that have port 139 open AND
> > have write access to the whole of the C: Drive in some instances.
>
> There goes 'ethical' right there. You didn't have permission to scan,
> and certainly didn't have a right to try to login to routers you found
> (their failure to secure it is not a defense since you knew it wasn't
> yours).


Depends on what your "ethics" are.  Twisting a doorknob and actually going
through the doorway are two different things.  Of course we don't know what
the original author really did.

> > My question - since it is these machines that I understand will be the
> > computers that the hacker will use to hide him/her self and given that
> > there are tools around - just that I don't know of one yet - WHY doesn't
> > someone send a message to these machines that the owner will see and ASK
> > them politely to close up these holes? Perhaps something along the "net
> > send" command.
>
> I'll bet their/your ISP would absolutely *love* that.


I bet they would.  I have a contact at a Tier 1 that loves hearing from me
when I see something strange on their consumer subnets that their IDS,
Anti-DDoS and Anti-Botnet software doesn't detect.  Granted that's a little
different than what the author is talking about, but when DoS liability is
eventually tested in court you can bet anything that liable ISPs would have
liked to know this stuff in advance.

Ian, the best advice I can give you is watch your back when you're doing
this stuff.  Mike is right that this won't be looked upon too kindly by some
authorities (ISP, law, etc).  Consumers would have heart attacks if they got
popups on their systems saying "you're vulnerable, lock yourself up", and if
they don't, more often than not they'll disregard the popup as illegitimate.

If you truly want to do something your best bet overall is to contact
someone intelligent at the ISP any of these hosts/routers belong to.  It's
also riskier than doing nothing, attempting to contact the users, or
plugging the holes on your own, but it would be a more respected channel.
Once upon a time I detected an ID theft ring and a compromised server in New
Jersey containing 80+ GB of usernames/passwords for bank, PayPal, email, etc
accounts.  I called the provider and they didn't want to hear from me.  I
called their upstream provider and the FBI and then they started listening.
Good luck and don't commit any felonies.