Full Disclosure mailing list archives

Re: Barracuda backdoor


From: "corpus.defero" <corpus.defero () idnet com>
Date: Thu, 28 Apr 2011 17:05:16 +0100

On Thu, 2011-04-28 at 08:29 -0700, ichib0d crane wrote:
(snipped)
but that doesn't
change the fact that Barracuda has done something likely bad here. A
vendor should make it explicitly clear when they have the capability
to disable remote products that have already been purchased. Maybe
their ToS allows it, maybe not. Either way it is highly unethical.

They can't. All they can do is disable updating of the virus and spam
definitions. It will still work without a subscription to 'energize
updates'.

There was once an obvious and open back door on these units redirecting
port 25 (naturally open on a firewall) to a listening SSH daemon for
IPs belonging to Barracuda. It was not very sophisticated, just an
IPTABLES rule.

Here is the rub with Barracuda - and forgive me for being rude but my
observations of them over the last few years have made them a bit of a chew
toy. The majority of their core team are either clueless retards or high
on drugs. Honestly, just tug apart some of the code in one of these
boxes and it is seriously lame to the point anyone who has progressed
past schoolboy BASIC will usually cry laughing.

Seriously, anyone who pays $£40k for one of these really needs to be put
into an institution as it is money very poorly spent. That's the end of
my contribution and now I must sleep until I see that name spring up
again somewhere else.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
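
Added example, not part of the original post and not Barracuda's code: a small Python audit that reads `iptables-save` output and flags NAT rules of the kind described in the message above, where a port is rewritten to a different port only for particular source addresses. It generalises from the port 25 to SSH case to any source-scoped port rewrite; the function name is hypothetical and the sample ruleset and its addresses are constructed.

```python
import shlex

# Constructed iptables-save output for illustration; the addresses are
# documentation ranges (RFC 5737), not taken from any real appliance.
SAMPLE_RULESET = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.0.2.0/24 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 22
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -s 198.51.100.7/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

def find_source_scoped_redirects(ruleset):
    """Return nat rules that send a port elsewhere only for selected sources."""
    findings, table = [], None
    for raw in ruleset.splitlines():
        line = raw.strip()
        if line.startswith("*"):  # "*nat", "*filter": start of a table section
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        # Map each option to the token that follows it ("-s" -> "192.0.2.0/24").
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        source = opt.get("-s") or opt.get("--src-range")
        target, dport = opt.get("-j"), opt.get("--dport")
        if target == "REDIRECT":
            to_port = opt.get("--to-ports")
        elif target == "DNAT":
            dest = opt.get("--to-destination", "")
            to_port = dest.rsplit(":", 1)[1] if ":" in dest else None
        else:
            continue
        # Suspicious shape: source-restricted AND the destination port changes.
        if source and source != "0.0.0.0/0" and dport and to_port and to_port != dport:
            findings.append({"source": source, "dport": dport, "to_port": to_port, "rule": line})
    return findings

if __name__ == "__main__":
    for f in find_source_scoped_redirects(SAMPLE_RULESET):
        print(f"{f['source']}: port {f['dport']} -> {f['to_port']}  [{f['rule']}]")
```

On a live system the input would be the saved output of `iptables-save`; any hit deserves a manual check of what is listening on the rewritten port.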
