<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: hacking the mitsubishi GB-50A

Re: hacking the mitsubishi GB-50A

From: Chris Withers <chris_at_simplistix.co.uk>
Date: Tue, 25 Mar 2008 13:48:18 +0000

Desai, Ashish wrote:
> If you read your own post you would realize that Mitsubishi
> kept the device ipaddress prefix as 192.168.1 so only you can attack
> yourself.

Well, as James pointed out already, this reply is a little silly.

But, just to be clear, if Mitsubishi had explicitly documented that this
device should only be used on a private network and had no access
controls, I don't think I'd have a problem.

However, they show a username/password box (which I'm betting is fairly
easilly circumvented if you know the right urls and can forge a cookie
on the client...) so I think it's fair game to expect them to implement
some kind of real security.

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk

Received on Mar 25 2008

This message: [ Message body ]
Next message: Joe: "Re: [BUGTRAQ] RE: hacking the mitsubishi GB-50A"
Previous message: Vincent Archer: "Re: hacking the mitsubishi GB-50A"
In reply to: Desai, Ashish: "RE: hacking the mitsubishi GB-50A"
Next in thread: Steven M. Christey: "Re: hacking the mitsubishi GB-50A"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]