Interesting People mailing list archives
IP: re Security flaw found in Alcatel's high-speed modems:
From: David Farber <dave () farber net>
Date: Tue, 24 Apr 2001 05:13:05 -0400
From: "Geoff Mulligan" <geoff () mulligan com> To: <farber () cis upenn edu> Subject: RE: re Security flaw found in Alcatel's high-speed modems: [risks] Risks Digest 21.35 Date: Mon, 23 Apr 2001 19:33:22 -0600 X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal Well Dave, this then is an understatement. Having helped Tsutomu work on this, I can tell you that the modem can be completely compromised such that you can have it capture all traffic in and out of the network and all traffic on the lan connected to the modem. In addition since it is possible to overwrite the firmware, not just with "garbage" but with a "revised" version of working code, this penetration of the network (maybe not the systems) is rather complete. What is most disconcerting about this security flaw, is that it seems it was designed into the modem and is wide open back door for anyone to "snoop" your data. I think it is unconscionable that a modem manufacturer would purposefully install a "secret" back door. I don't know if you were able to see the original word document that I sent you a pointer to that included the revisions. If you'd like to, let me know. I saved a copy. geoff -----Original Message----- From: owner-ip-sub-1 () admin listbox com [mailto:owner-ip-sub-1 () admin listbox com]On Behalf Of Dave Farber Sent: Monday, April 23, 2001 7:24 PM To: ip-sub-1 () majordomo pobox com Subject: IP: re Security flaw found in Alcatel's high-speed modems: [risks] Risks Digest 21.35Date: Mon, 23 Apr 2001 21:19:42 -0400 (EDT) From: elijah wright <elw () stderr org> To: farber () cis upenn edu Subject: Re: IP: Security flaw found in Alcatel's high-speed modems:[risks]Risks Digest 21.35Computer Emergency Response Team. The point, continued Liberation, is simple. Anyone can penetrate a computer system linked to the InternetbyAlcatel 1000 ADSL and Speed Touch Home modems.this is a publicity-seeking overstatement, dave- the bugtraq reports have stated that the modems are vulnerable to remote control by an attacker, not the systems attached to the modems. for example, a remote attacker can disable your modem completely, possibly overwriting the firmware on-board the modem itself with garbage. essentially, this is an inflated report of vulnerability in a product that doesn't even directly interact with the functionality that would be affected by an attempted 'penetration'- at least, not as we typically refer to intrusions... elijahFor archives see: http://www.interesting-people.org/
For archives see: http://www.interesting-people.org/
Current thread:
- IP: re Security flaw found in Alcatel's high-speed modems: David Farber (Apr 24)