| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.0803241146460.7406@blargman.internal.isomedia.com> Date: Mon, 24 Mar 2008 11:54:49 -0700 (PDT) From: Joe <joe@...anta.com> To: bugtraq@...urityfocus.com Subject: Re: RE: hacking the mitsubishi GB-50A On Mon, 24 Mar 2008, James C. Slora Jr. wrote: >> If you read your own post you would realize that Mitsubishi >> kept the device ipaddress prefix as 192.168.1 so only you >> can attack yourself. > >> 192.168 cannot be access from the internet ;-) >> [unless you NAT at which point its your NAT config problem] > > Wow, I'm glad to hear that machines with private addresses can't be > attacked unless NAT is misconfigured. I'm also glad that we only have to > worry about attacks coming directly from the Internet, and that our LANs > are as safe as ever. A security "problem" that is only a problem if security =elsewhere= has been breached... is not a problem in and of itself. The breach of your LAN is the problem. If the device can only be attacked locally then it's really a non-issue. This is why securing your LAN is of paramount importance - because once they cross your DMZ there is no end to the number of ways you're screwed. -- Joe Harris Administrator - Unix Systems Avvanta, Inc Security Officer Abuse Contact (425) 818-9900 Hostmaster (DNS Administration) (888) 662-5274 http://www.avvanta.com/
Powered by blists - more mailing lists