Message-ID: <67ea64530710121505n4af5a8c3pb8e66a04f377ef6@mail.gmail.com>
Date: Fri, 12 Oct 2007 23:05:22 +0100
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: gnucitizen bt home hub latest,
	attacks wide spread, outages reported

On 10/12/07, Valery Marchuk <tecklord@...uritylab.ru> wrote:
>
> > gnucitizen may be responsible for bt being under a massive attack right
> > now.
> Oh my God, people stop talking nonsense!
>
>
> Have you seen the video provided by gnucitizen.org with demonstration of
> this attack or read the vulnerability description?
>
> The guy sends a link to victim, victim visits this link and bam. we see the
> IP address of the router (there are many ways to get his information. I'm
> not familiar with BT products, so I won't try to guess which way was used).
> Then, we see, how attacker is trying to get access to the device via web
> interface, then we see an authentication dialog, which is bypassed via
> default password or through a bug in authentication mechanism. That's it.


I said "maybe responsible".

and you think it hasn't tipped off hackers such as the folks at StrikeCenter
https://strikecenter.bpointsys.com/ who love to reverse engineer patches,
videos and other stuff.

plus, we don't all know what's available "underground", so perhaps a 0-day
exploit is in the wild? Because perhaps a hacker has worked out how to
exploit the hole from the reported vulnerability seen on gnucitizen.

just because the full exploit isn't on gnucitizen website doesn't mean their
tip off hasn't led to hackers and script kids focusing on the router to work
out what's going on.

and if someone does work out the exploit for the vulnerability, it's very
serious.

i don't think gnucitizen are totally in the clear of responsibility if this
does get out of hand.

no one has come out to confirm or deny that there is a widespread attack on
these bt home hub routers yet, a very slow response from this list on the
matter, i'm not impressed.

i didn't say there was an attack, i just heard a news report very quickly
and i wanted the bbc or someone on the list to confirm the story, but no one
can be bothered at this stage to listen to anything i've got to say on the
matter.

leave me alone and stop attacking me all the time, when all i'm doing is
trying to help.

should i have just ignored what i heard on the radio then?

i think this kind of report i heard is a serious one that needs to be
clarified, and if no one takes me seriously then so be it, but at least i
tried to alert the security community about what i heard on bbc radio 1.

hopefully though the big corporations on this list have connected up a bt
home hub router to the internet and are monitoring it for cyber attacks,
which may be attacking the router's firmware.

and i wasn't intentionally trying to confuse, disinform or just
generally waste everyone's time if it does turn out there are no attacks
taking place.

even if there are no cyber attacks taking place, it doesn't say there
won't be any in the future, so get on top of this now.

hopefully bt will roll out firmware updates very shortly.

and for years now i've questioned how much researchers should take part of
the blame when hackers or script kids attack the internet after a researcher
discloses information, not just today.

if cyber attacks with the bt home hub router do happen or have happened, in
my own mind i will think gnucitizen triggered off the whole event sequence,
even if they didn't directly provide the exploit, they certainly tipped
hackers and script kids off.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
