[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <981584857-1192228070-cardhu_decombobulator_blackberry.rim.net-1149306377-@bxe014.bisx.prod.on.blackberry>
Date: Fri, 12 Oct 2007 22:27:31 +0000
From: gjgowey@....blackberry.net
To: "worried security" <worriedsecurity@...glemail.com>,
full-disclosure-bounces@...ts.grok.org.uk,
full-disclosure@...ts.grok.org.uk
Subject: Re: gnucitizen bt home hub latest,
attacks wide spread, outages reported
I'm wondering if this is like some of the home based router problems of the past. I seem to recall that it was maybe netgear that once had a problem where it didn't get rid of the factory password even after the end user set a new one, another brand had a problem where the cgi-bin dir was not properly protected, and another brand used to have a problem where the accessibility of the web based config interface was unaffected by any settings that the user might make. Another words, this might be some previously discovered vulnerability for another product that someone realized affects this product too.
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: "worried security" <worriedsecurity@...glemail.com>
Date: Fri, 12 Oct 2007 23:05:22
To:full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] gnucitizen bt home hub latest,
attacks wide spread, outages reported
On 10/12/07, Valery Marchuk <tecklord@...uritylab.ru
<mailto:tecklord@...uritylab.ru> > wrote: > gnucitizen may be responible for bt being under a massive attack right
> now.
Oh my God, people stop talking nonsense!
Have you seen the video provided by gnusitizen.org <http://gnusitizen.org/> with demonstration of
this attack or read the vulnerability description?
The guy sends a link to victim, victim visits this link and bam. we see the
IP address of the router (there are many ways to get his information. I`m
not familiar with BT products, so I won`t try to guess which way was used).
Then, we see, how attacker is trying to get access to the device via web
interface, then we see an authentication dialog, which is bypassed via
default password or through a bug in authentication mechanism. That's it.
I said "maybe responisble".
and you think it hasn't tipped off hackers such as the folks as StrikeCenter https://strikecenter.bpointsys.com/
<https://strikecenter.bpointsys.com/> who love to reverse engineer patches, videos and other stuff.
plus, we don't all know whats available "underground", so perhaps a 0-day exploit is in the wild? Because perhaps a hacker has worked out the how to exploit the hole from the reported vulnerability seen on gnucitizen.
just because the full exploit isn't on gnucitizen website doesn't mean their tip off hasn't led to hackers and script kids focusing on the router to work out whats going on.
and if someone does work out the exploit for the vulnerability, its very serious.
i don't think gnucitizen are totally in the clear of responsibility if this does get out of hand.
no one has come out to confirm or deny that there is a wide spread attack on these bt home hub routers yet, a very slow response from this list on the matter, i'm not impressed.
i didn't say there was an attack, i just heard a news report very quickly and i wanted the bbc or someone on the list to confirm the story, but no one can be bothered at this stage to listen to anything i've got to say on the matter.
leave me alone and stop attacking me all the time, when all i'm doing is trying to help.
should i of just ignored what i heard on the radio then?
i think this kind of report i heard is a serious one that needs to be clarified, and if no one takes me seriously then so be it, but at least i tried to alert the security community about what i heard on bbc radio 1.
hopefully though the big corporations on this list have connected up a bt home hub router to the internet and are monitoring it for cyber attacks, which maybe attacking the routers firmware.
and i wasn't intentionally trying to confuse, disinformation or just generally waste everyones time if it does turn out there are no attacks taking place.
even if there are none cyber attacks taking place, it doesn't say there won't be any in the future, so get on top of this now.
hopefully bt will roll out firmware updates very shortly.
and for years now i've questioned how much researchers should take part of the blame when hackers or script kids attack the internet after a researcher discloses information, not just today.
if cyber attacks with the bt home hub router do happen or have happened, in my own mind i will think gnucitizen triggered off the whole event sequence, even if they didn't directly provide the exploit, they certainly tipped hackers and script kids off. _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists