Tele2 - Versatel and Vivendi - exploit

["Urs E. Gattiker" <WebUrs () WebUrb dk>]

Tele 2 has recently announced that it is selling its Benelux assets 
to Versatel and yesterday it informed the media that it intends to do 
the same with its French assets, selling those to Vivendi.

The company that touts itself as providing economical broadband and 
telecommunication services does, however, have a slight problem 
regarding information security.

A vulenrability is being taken advantage off by various groups of 
people and, in turn, this could harm home users that receive their 
broadband and fixed-line services from Tele2.

In fact, several security features can be de-activated allowing a 
malicious user to take control of a user's PC, his broadband 
connection as well as his phone line as described here with a screen shot:

http://cytrap.eu/blog/?p=57

This is another example where user's face risks regarding their 
internet connection they might not even be aware of. Another one of 
those is the recent Fon example also circulated on this list.

Urs E. Gattiker
CyTRAP Labs & CASEScontact.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/