Message-ID: <b7a807650710121538g689ecadxaa4b875f54a7622@mail.gmail.com>
Date: Fri, 12 Oct 2007 23:38:15 +0100
From: "Adrian P" <unknown.pentester@...il.com>
To: "Valery Marchuk" <tecklord@...uritylab.ru>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: gnucitizen bt home hub latest,
	attacks wide spread, outages reported

Hi guys,

I just have a few comments for the sake of accuracy.

On 10/12/07, Valery Marchuk <tecklord@...uritylab.ru> wrote:
> > gnucitizen may be responsible for bt being under a massive attack right
> > now.
> Oh my God, people stop talking nonsense!
>
>
> Have you seen the video provided by gnucitizen.org with demonstration of
> this attack or read the vulnerability description?
>
> The guy sends a link to victim, victim visits this link and bam. we see the
> IP address of the router (there are many ways to get his information. I'm
> not familiar with BT products, so I won't try to guess which way was used).

In the demo video the evil page loads JavaScript that requests a PHP
script located on a third-party server. The PHP script simply emails
the router's IP address to the attacker.

> Then, we see, how attacker is trying to get access to the device via web
> interface, then we see an authentication dialog, which is bypassed via
> default password or through a bug in authentication mechanism. That's it.

We do NOT rely on default passwords in our demo exploit. The attacker
logs into the router using the built-in tech support account and a
password chosen by her (which was set on the Home Hub when the victim
visited the evil page). The authentication bypass only takes place
when the evil page is loaded on the victim's browser for the purpose
of enabling remote assistance *without* requiring a password.

btw, we haven't yet been informed by BT whether or not they have
reproduced our findings successfully.

>
>
>
> Best regards,
> Valery Marchuk
> www.SecurityLab.ru
>
> ----- Original Message -----
> From: "worried security" <worriedsecurity@...glemail.com>
> To: <full-disclosure@...ts.grok.org.uk>
> Sent: Friday, October 12, 2007 7:15 PM
> Subject: [Full-disclosure] gnucitizen bt home hub latest, attacks wide
> spread,outages reported
>
>
> > gnucitizen 0day concerning bt home hub router firmware is vulnerable to
> > attack.
> >
> > bbc radio 1's newsbeat program has been reporting today that customers
> > can't
> > connect to the internet.
> >
> > bbc radio 1 is a national and international radio station.
> >
> > i tried to look on the bbc radio 1 newsbeat site but they haven't put an
> > online version of the report online.
> >
> > they didn't say gnucitizen on the radio but they said a group.
> >
> > they said bt customers have been reporting problems with their bt home hub
> > and the report said bt are denying its connected with the security groups
> > disclosure.
> >
> > this is very interesting but there is very little online about it, even
> > from
> > the bbc, who have been reporting on it via bbc radio 1 at 16:30pm (UK GMT)
> > today.
> >
> > i urge people to investigate.
> >
> > gnucitizen may be responsible for bt being under a massive attack right
> > now.
> >
> > the media can phone up bbc radio 1 newsbeat and ask for a copy of the
> > report
> > to be put online.
> >
> > i think they should.
> >
> > the bbc radio 1 shouldn't give reports like that without putting it
> > online.
> >
> > should gnucitizen get into trouble or should we not blame the researchers
> > and only the script kids who have brought down bt today?
> >
> > bbc radio 1 is a music station and the news reports are just top of the
> > hour
> > news flashes lasting about 5 minutes.
> >
> > they didn't repeat the report at 17:00pm GMT today, but maybe they will
> > repeat it in their 17:45pm GMT news update?
> >
> > i'm sorry i don't have a link, but there isn't one online, UNBELIEVABLE
> > for
> > the bbc, they are usually good at standards.
> >
>
>
> --------------------------------------------------------------------------------
>
>
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
pagvac
gnucitizen.org, ikwt.com

