| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: CORE-20021005: Vulnerability Report For Li AARG! Anonymous <remailer@...g.net> wrote: > At 08:10 PM 12/10/02 -0300, CORE Advisories wrote: > >Many Linksys' network appliances have a remote administration and > >configuration interface via HTTP, either from the local network, > >or, if it's enabled, from any host across the internet. > > I just want to make sure I've got this right: > > It comes with secure defaults. > > But if I decide to open it up, it's not secure any more. > > Gee, I wonder what other products could be configured into an > insecure state and boilerplated into an advisory? > > And would iDefense pay me for them? I don't see why not. It seems iDefense staff have very short memories and cannot even run Google searches of obvious terms from the advisories they are apparently so eager to buy. For example, their recent Eudora advisory was obviously a trivial rehash (either unintentional or otherwise I'll leave to others to decide) of one from much earlier this year, as acknowledged in an updated advisory posted the next day. But the updated advisory did not go further and point out that in fact, both are really only minor updates to a series of advisories dating back at least two years, and possibly longer (I got tired of Googling after finding essentially similar advisories from early 2000 but am fairly sure I recall discussion of similar issues related to the predicability of the (default) Eudora "detach" directory name from early 1999 if not even earlier). -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists