Full Disclosure mailing list archives
Fwd: [CASE:12632] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers
From: Shawn Merdinger <shawnmer () gmail com>
Date: Tue, 5 Oct 2010 09:24:52 -0400
FYI, HumanWare is tracking this as CASE:12632 Cheers, --scm ---------- Forwarded message ---------- From: Tom Burton <tom.burton () humanware com> Date: Tue, Oct 5, 2010 at 9:05 AM Subject: RE: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers To: Shawn Merdinger <shawnmer () gmail com> Hello Shawn, Thanks for forwarding this information onto us. We will make our developers aware. Kind regards, Tom ________________________________ Tom Burton Technical Support Assistant HumanWare Europe -----Original Message----- From: Shawn Merdinger [mailto:shawnmer () gmail com] Sent: 01 October 2010 22:49 To: EU. Support; US info; au-sales () humanware com Subject: Fwd: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers ---------- Forwarded message ---------- From: Sabahattin Gucukoglu <mail () sabahattin-gucukoglu com> Date: Fri, Oct 1, 2010 at 5:31 PM Subject: [Full-disclosure] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers To: braillenote () list humanware com Cc: full-disclosure () lists grok org uk, bugtraq () securityfocus com, me-mates () sabahattin-gucukoglu com, support () humanware com BrailleNote Apex offers telnet and FTP access on the standard ports, with read/write privilege on the entire file system, to all comers. No authentication is required. BrailleNote is unsafe on any network whose devices you are not in full charge of, and which (by NAT or firewall) does not protect BrailleNote from the Internet. I am happy and sad. In a chance port scan of my entire network looking for interesting services and protocols that were not accounted for by visible configuration options in all my devices, I found this disaster staring me in the face on the least likely candidate of them all. On the one hand, now I don't need ActiveStink in order to access my files, over the network, from my Mac. I want these services running, for sure (maybe just FTP) but dammit, authentication first! On the other hand, there is no doubt my trust in HumanWare is badly dented, as I was clearly optimistic that they would, and did, do the right thing and secure the device firmware before shipping it. Anonymous FTP and telnet are obvious, easily found and effectively exploited. If it isn't configurable, it shouldn't be enabled. I am quite sure this was the case before now. The most likely explanation is a build with a test configuration and services for development still in use on the newest model; the USB vendor string is further evidence of this. Note to self: that popular expression about assumptions turns out to be true. KeySoft version 9.0.2 build 756, Windows CE 6.0, with telnet and FTP services. While we await an update that either disables the services or allows the user to specify the authentication credentials, do not use your BrailleNote Apex on any untrusted network, or if you are network administrator, temporarily prohibit these devices from connecting to your networks. If "Bad guys" are on your network, the BrailleNote Apex is, alas, easy meat. Cheers, Sabahattin _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fwd: [CASE:12632] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers Shawn Merdinger (Oct 05)
- Re: Fwd: [CASE:12632] Warning: BrailleNote Apex Offers Read/Write FTP And Telnet Access To All Comers Sabahattin Gucukoglu (Oct 05)