mailing list archives
ISP in the UK Terminates Account after Full Disclosure
From: Aviram Jenik <aviram () beyondsecurity com>
Date: Sun, 1 Apr 2007 01:18:39 -0400
beThere, a UK ISP distributed routers to customers with the telnet port open
and a default administrator password. A bit embarrassing.
Sid, who discovered the hole, originally blogged about it on SecuriTeam blogs,
which resulted in the ISP calling us within 24 hours to have Sid take down
the password information (as if that can't be figured out by the average
script kiddie), but a month and a half later the problem is still there. I
guess we know where their priorities are.
What else didn't take them long to do? Terminating Sid's Internet account.
Yeah, that'll teach him a lesson telling the world about security holes in
beThere's service. Bad customer. Go bother someone else.
Oh, and the backdoor? Still there, thanks for asking.
My longer rant here:
And here's Sid's original disclosure:
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- ISP in the UK Terminates Account after Full Disclosure Aviram Jenik (Apr 01)