Full Disclosure mailing list archives
Re: Port scanning /0 using insecure embedded devices
From: Valdis.Kletnieks () vt edu
Date: Thu, 21 Mar 2013 21:08:27 -0400
On Tue, 19 Mar 2013 17:25:18 -0400, Jeffrey Walton said:
Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials.Forgive my ignorance, but what does the authentication problem (or lack thereof) have to do with linux/uclibc/busybox? It seems to be a manufacturer problem (for example, Actiontec) or an integrator problem (such as Verizon or Comacast), unless I am missing something.
For the integrator, it's a warning flag: "53 companies have made this same identical mistake, don't be the 54th". For the black hats, it's low-hanging fruit.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Port scanning /0 using insecure embedded devices internet census (Mar 18)
- Re: Port scanning /0 using insecure embedded devices Jeffrey Walton (Mar 19)
- Re: Port scanning /0 using insecure embedded devices Valdis . Kletnieks (Mar 21)
- Re: Port scanning /0 using insecure embedded devices Stefan Jon Silverman (Mar 26)
- Re: Port scanning /0 using insecure embedded devices Gage Bystrom (Mar 27)
- Re: Port scanning /0 using insecure embedded devices Jeffrey Walton (Mar 19)