lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <p06001305baf9b3037523@[192.168.1.104]>
Date: Tue, 27 May 2003 20:34:27 -0400
From: Kee Hinckley <nazgul@...ewhere.com>
To: CORE Security Technologies Advisories <advisories@...esecurity.com>
Cc: Bugtraq <bugtraq@...urityfocus.com>,
 Vulnwatch <vulnwatch@...nwatch.org>,
 full-disclosure <full-disclosure@...ts.netsys.com>
Subject: Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass


While you are fixing the vulnerability in your Axis video camera. 
Please also stop to check and make sure that you have turned off (or 
properly configured) it's ability to send snapshots via email.  If 
you turn on the function without configuring the addresses, older 
cameras will default to sending email to mail@...ewhere.com "from" 
olga@...ewhere.com.  We get on the order of ten to fifteen thousand 
of these every day.  On occasions when we've bothered to look, we've 
seen things ranging from computer rooms to jewelry store security 
cameras.  Probably not the kind of thing you'd want to be sending to 
strangers.

-- 
Kee Hinckley
http://www.messagefire.com/          Anti-Spam Service for your POP Account
http://commons.somewhere.com/buzz/   Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ