| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 1 Apr 2007 01:18:39 -0400 From: Aviram Jenik <aviram@...ondsecurity.com> To: full-disclosure@...ts.grok.org.uk Subject: ISP in the UK Terminates Account after Full Disclosure Short version: beThere, a UK ISP distributed routers to customers with the telnet port open and a default administrator password. A bit embarrassing. Sid, who discovered the hole, originally blogged about it on SecuriTeam blogs, which resulted in the ISP calling us within 24 hours to have Sid take down the password information (as if that can't be figured out by the average script kiddie), but a month and a half later the problem is still there. I guess we know where their priorities are. What else didn't take them long to do? Terminating Sid's Internet account. Yeah, that'll teach him a lesson telling the world about security holes in beThere's service. Bad customer. Go bother someone else. Oh, and the backdoor? Still there, thanks for asking. My longer rant here: http://blogs.securiteam.com/index.php/archives/860 And here's Sid's original disclosure: http://blogs.securiteam.com/index.php/archives/826 - Aviram _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists