| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 13 Oct 2007 00:15:47 +0300 From: "Valery Marchuk" <tecklord@...uritylab.ru> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: gnucitizen bt home hub latest, attacks wide spread, outages reported > gnucitizen may be responible for bt being under a massive attack right > now. Oh my God, people stop talking nonsense! Have you seen the video provided by gnusitizen.org with demonstration of this attack or read the vulnerability description? The guy sends a link to victim, victim visits this link and bam. we see the IP address of the router (there are many ways to get his information. I`m not familiar with BT products, so I won`t try to guess which way was used). Then, we see, how attacker is trying to get access to the device via web interface, then we see an authentication dialog, which is bypassed via default password or through a bug in authentication mechanism. That's it. Best regards, Valery Marchuk www.SecurityLab.ru ----- Original Message ----- From: "worried security" <worriedsecurity@...glemail.com> To: <full-disclosure@...ts.grok.org.uk> Sent: Friday, October 12, 2007 7:15 PM Subject: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread,outages reported > gnucitizen 0day concerning bt home hub router firmware is vulnerable to > attack. > > bbc radio 1's newsbeat program has been reporting today that customers > can't > connect to the internet. > > bbc radio 1 is a national and international radio station. > > i tried to look on the bbc radio 1 newsbeat site but they haven't put an > online version of the report online. > > they didn't say gnucitizen on the radio but they said a group. > > they said bt customers have been reporting problems with their bt home hub > and the report said bt are denying its connected with the security groups > disclosure. > > this is very interesting but there is very little online about it, even > from > the bbc, who have been reporting on it via bbc radio 1 at 16:30pm (UK GMT) > today. > > i urge people to investigate. > > gnucitizen may be responible for bt being under a massive attack right > now. > > the media can phone up bbc radio 1 newsbeat and ask for a copy of the > report > to be put online. > > i think they should. > > the bbc radio 1 shouldn't give reports like that without putting it > online. > > should gnucitizen get into trouble or should we not blame the researchers > and only the script kids who have brought down bt today? > > bbc radio 1 is a music station and the news reports are just top of the > hour > news flashes lasting about 5 miniutes. > > they didn't repeat the report at 17:00pm GMT today, but maybe they will > repeat it in their 17:45pm GMT news update? > > i'm sorry i don't have a link, but there isn't one online, UNBELIEVABLE > for > the bbc, they are usually good at standards. > -------------------------------------------------------------------------------- > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists