| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Dec 2010 16:36:15 +0000 From: "Thor (Hammer of God)" <thor@...merofgod.com> To: Michal Zalewski <lcamtuf@...edump.cx> Cc: Craig Heffner <cheffner@...ttys0.com>, "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Default SSL Keys in Multiple Routers LOL. Yeah, it seems like I get myself in this cycle of "OMG, really?" followed by "maybe people are starting to learn" and then back to disappointment. To be honest, this was something that I never really considered (shared, persistent keys on routers). In hindsight, it seems like an obvious concern, but it is still interesting. t > -----Original Message----- > From: Michal Zalewski [mailto:lcamtuf@...edump.cx] > Sent: Monday, December 20, 2010 8:16 AM > To: Thor (Hammer of God) > Cc: Craig Heffner; full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] Default SSL Keys in Multiple Routers > > > These manufacturers use the same key on each of their models? That > > seems ridiculous to me... > > As a person who had a Siemens AP / router with a hardcoded, hidden > "management" account on it, I find your surprise entertaining ;-) > > Craig, cool project. > > /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists