Full Disclosure mailing list archives

Re: gnucitizen bt home hub latest, attacks wide spread, outages reported


From: "Valery Marchuk" <tecklord () securitylab ru>
Date: Sat, 13 Oct 2007 00:15:47 +0300

> gnucitizen may be responsible for bt being under a massive attack right
> now.

Oh my God, people stop talking nonsense!


Have you seen the video provided by gnucitizen.org with a demonstration of
this attack or read the vulnerability description?

The guy sends a link to the victim, the victim visits this link and bam, we see
the IP address of the router (there are many ways to get this information. I'm
not familiar with BT products, so I won't try to guess which way was used).
Then we see how the attacker is trying to get access to the device via the web
interface, then we see an authentication dialog, which is bypassed via a
default password or through a bug in the authentication mechanism. That's it.



Best regards,
Valery Marchuk
www.SecurityLab.ru

----- Original Message ----- 
From: "worried security" <worriedsecurity () googlemail com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, October 12, 2007 7:15 PM
Subject: [Full-disclosure] gnucitizen bt home hub latest, attacks wide
spread,outages reported


gnucitizen 0day concerning bt home hub router firmware is vulnerable to
attack.

bbc radio 1's newsbeat program has been reporting today that customers
can't connect to the internet.

bbc radio 1 is a national and international radio station.

i tried to look on the bbc radio 1 newsbeat site but they haven't put an
online version of the report online.

they didn't say gnucitizen on the radio but they said a group.

they said bt customers have been reporting problems with their bt home hub
and the report said bt are denying it's connected with the security group's
disclosure.

this is very interesting but there is very little online about it, even
from the bbc, who have been reporting on it via bbc radio 1 at 16:30pm
(UK GMT) today.

i urge people to investigate.

gnucitizen may be responsible for bt being under a massive attack right
now.

the media can phone up bbc radio 1 newsbeat and ask for a copy of the
report to be put online.

i think they should.

the bbc radio 1 shouldn't give reports like that without putting it online.

should gnucitizen get into trouble or should we not blame the researchers
and only the script kids who have brought down bt today?

bbc radio 1 is a music station and the news reports are just top of the
hour news flashes lasting about 5 minutes.

they didn't repeat the report at 17:00pm GMT today, but maybe they will
repeat it in their 17:45pm GMT news update?

i'm sorry i don't have a link, but there isn't one online, UNBELIEVABLE
for the bbc, they are usually good at standards.



--------------------------------------------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ 
