Full Disclosure mailing list archives
Re: CORE-20021005: Vulnerability Report For Li
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 12 Dec 2002 10:37:02 +1300
AARG! Anonymous <remailer () aarg net> wrote:
> At 08:10 PM 12/10/02 -0300, CORE Advisories wrote:
>> Many Linksys' network appliances have a remote administration and configuration interface via HTTP, either from the local network, or, if it's enabled, from any host across the internet.
>
> I just want to make sure I've got this right: It comes with secure defaults. But if I decide to open it up, it's not secure any more. Gee, I wonder what other products could be configured into an insecure state and boilerplated into an advisory? And would iDefense pay me for them?
I don't see why not. It seems iDefense staff have very short memories and cannot even run Google searches of obvious terms from the advisories they are apparently so eager to buy.

For example, their recent Eudora advisory was obviously a trivial rehash (either unintentional or otherwise I'll leave to others to decide) of one from much earlier this year, as acknowledged in an updated advisory posted the next day. But the updated advisory did not go further and point out that in fact, both are really only minor updates to a series of advisories dating back at least two years, and possibly longer (I got tired of Googling after finding essentially similar advisories from early 2000 but am fairly sure I recall discussion of similar issues related to the predictability of the (default) Eudora "detach" directory name from early 1999 if not even earlier).

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html