Re: gnucitizen bt home hub latest, attacks wide spread, outages reported

[gjgowey () tmo blackberry net]

I'm wondering if this is like some of the home based router problems of the past.  I seem to recall that it was maybe 
netgear that once had a problem where it didn't get rid of the factory password even after the end user set a new one, 
another brand had a problem where the cgi-bin dir was not properly protected, and another brand used to have a problem 
where the accessibility of the web based config interface was unaffected by any settings that the user might make.  
Another words, this might be some previously discovered vulnerability for another product that someone realized affects 
this product too.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "worried security" <worriedsecurity () googlemail com>

Date: Fri, 12 Oct 2007 23:05:22 
To:full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] gnucitizen bt home hub latest,
        attacks wide spread, outages reported


On 10/12/07, Valery Marchuk <tecklord () securitylab ru
 <mailto:tecklord () securitylab ru> > wrote: > gnucitizen may be responible for bt being under a massive attack right
> now.
Oh my God, people stop talking nonsense! 


Have you seen the video provided by gnusitizen.org <http://gnusitizen.org/>  with demonstration of
this attack or read the vulnerability description? 

The guy sends a link to victim, victim visits this link and bam. we see the 
IP address of the router (there are many ways to get his information. I`m
not familiar with BT products, so I won`t try to guess which way was used). 
Then, we see, how attacker is trying to get access to the device via web 
interface, then we see an authentication dialog, which is bypassed via
default password or through a bug in authentication mechanism. That's it. 
  
I said "maybe responisble". 
  
and you think it hasn't tipped off hackers such as the folks as StrikeCenter https://strikecenter.bpointsys.com/
 <https://strikecenter.bpointsys.com/>  who love to reverse engineer patches, videos and other stuff. 
  
plus, we don't all know whats available "underground", so perhaps a 0-day exploit is in the wild? Because perhaps a 
hacker has worked out the how to exploit the hole from the reported vulnerability seen on gnucitizen. 
  
just because the full exploit isn't on gnucitizen website doesn't mean their tip off hasn't led to hackers and script 
kids focusing on the router to work out whats going on. 
  
and if someone does work out the exploit for the vulnerability, its very serious. 
  
i don't think gnucitizen are totally in the clear of responsibility if this does get out of hand. 
  
no one has come out to confirm or deny that there is a wide spread attack on these bt home hub routers yet, a very slow 
response from this list on the matter, i'm not impressed. 
  
i didn't say there was an attack, i just heard a news report very quickly and i wanted the bbc or someone on the list 
to confirm the story, but no one can be bothered at this stage to listen to anything i've got to say on the matter. 
  
leave me alone and stop attacking me all the time, when all i'm doing is trying to help. 
  
should i of just ignored what i heard on the radio then? 
  
i think this kind of report i heard is a serious one that needs to be clarified, and if no one takes me seriously then 
so be it, but at least i tried to alert the security community about what i heard on bbc radio 1. 
  
hopefully though the big corporations on this list have connected up a bt home hub router to the internet and are 
monitoring it for cyber attacks, which maybe attacking the routers firmware. 
  
and i wasn't intentionally trying to confuse, disinformation or just generally waste everyones time if it does turn out 
there are no attacks taking place. 
  
even if there are none cyber attacks taking place, it doesn't say there won't be any in the future, so get on top of 
this now. 
  
hopefully bt will roll out firmware updates very shortly. 
  
and for years now i've questioned how much researchers should take part of the blame when hackers or script kids attack 
the internet after a researcher discloses information, not just today. 
  
if cyber attacks with the bt home hub router do happen or have happened, in my own mind i will think gnucitizen 
triggered off the whole event sequence, even if they didn't directly provide the exploit, they certainly tipped hackers 
and script kids off. _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/