| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <451534FD.7774.13E0C413@nick.virus-l.demon.co.uk> Date: Sat, 23 Sep 2006 13:22:05 +1200 From: Nick FitzGerald <nick@...us-l.demon.co.uk> To: full-disclosure@...ts.grok.org.uk Subject: Re: FiWin SS28S WiFi VoIP SIP/Skype Phone Hardcoded Telnet user/pass and debug access Paul Schmehl wrote: > The engineers who designed this should be summarily fired. The terminal > stupidity of it is mind boggling! I think _beyond_ mind-boggling. It's mind-boggling that no-one else involved in the development/ testing noticed EITHER that this "unintended" backdoor existed OR implementing that design was stupefyingly moronic. Either way, marginally sentient beings should have prevented this stupidity making it to production. That it was not stopped raises a bunch of questions about the fitness to purpose and other quality issues for all other Fi Win products. Having now read the review, I see that such concerns clearly already apply to other design features of the SS28S... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists