Date: Fri, 01 Oct 2010 15:43:04 -0700
From: Joseph Lee <joseph.lee22590@...il.com>
To: Sabahattin
	Gucukoglu<mail-dated-1288560723.1b3802@...ahattin-gucukoglu.com>,
	braillenote@...t.humanware.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	me-mates@...ahattin-gucukoglu.com, support@...anware.com
Subject: Re: [Braillenote] Warning: BrailleNote Apex
	Offers Read/Write FTP And Telnet Access To All Comers

Hi,

Uh oh...  This is a very huge security risk.  It's not KeySoft's 
fault (I'd say) - it's the network services on Windows CE's 
problem.  If someone does write a web app or a program which 
launches automatically on the Apex, and if this program came 
through standard ports on the network, then this opens up a new 
category of malware or exploits on embedded devices like 
BrailleNote.

For those who may not recognize what we are talking about: a port 
is some kind of a "door" that allows computers to connect and 
exchange information over a network using certain rules, or 
protocols.  In this sense, a port can be thought of as a gateway 
that allows computers to connect to a network.  FTP (File 
Transfer Protocol) refers to rules governing how files should be 
sent over the Internet, and Telnet is a way of connecting to a 
remote terminal using text input and output.

I promise: One of these days I'll post a mini dictionary on 
network terms on this list...  Good thing that we have a network 
engineer here - if only an SDK is here, he'd help HW do something 
about security...

Cheers,
Joseph

 ----- Original Message -----
From: Sabahattin Gucukoglu <mail@...ahattin-gucukoglu.com>
To: braillenote@...t.humanware.com
Date sent: Fri, 1 Oct 2010 22:31:58 +0100
Subject: [Braillenote] Warning: BrailleNote Apex Offers 
Read/Write FTP And Telnet Access To All Comers

BrailleNote Apex offers telnet and FTP access on the standard 
ports, with read/write privilege on the entire file system, to 
all comers.  No authentication is required.  BrailleNote is 
unsafe on any network whose devices you are not in full charge 
of, and which (by NAT or firewall) does not protect BrailleNote 
from the Internet.

I am happy and sad.  In a chance port scan of my entire network 
looking for interesting services and protocols that were not 
accounted for by visible configuration options in all my devices, 
I found this disaster staring me in the face on the least likely 
candidate of them all.  On the one hand, now I don't need 
ActiveStink in order to access my files, over the network, from 
my Mac.  I want these services running, for sure (maybe just FTP) 
but dammit, authentication first!  On the other hand, there is no 
doubt my trust in HumanWare is badly dented, as I was clearly 
optimistic that they would, and did, do the right thing and 
secure the device firmware before shipping it.  Anonymous FTP and 
telnet are obvious, easily found and effectively exploited.  If 
it isn't configurable, it shouldn't be enabled.  I am quite sure 
this was the case before now.  The most likely explanation is a 
build with a test configuration and services for development 
still in use on the newest model; the USB vendor string is 
further evidence of this.  Note to self: that popular expression 
about assumptions turns out to be true.

KeySoft version 9.0.2 build 756, Windows CE 6.0, with telnet and 
FTP services.

While we await an update that either disables the services or 
allows the user to specify the authentication credentials, do not 
use your BrailleNote Apex on any untrusted network, or if you are 
a network administrator, temporarily prohibit these devices from 
connecting to your networks.  If "Bad guys" are on your network, 
the BrailleNote Apex is, alas, easy meat.

Cheers,
Sabahattin
