Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Port scanning /0 using insecure embedded devices
From: Valdis.Kletnieks () vt edu
Date: Thu, 21 Mar 2013 21:08:27 -0400

On Tue, 19 Mar 2013 17:25:18 -0400, Jeffrey Walton said:
Many of them are based on Linux and allow
login to standard BusyBox with empty or
default credentials.
Forgive my ignorance, but what does the authentication problem (or
lack thereof) have to do with linux/uclibc/busybox? It seems to be a
manufacturer problem (for example, Actiontec) or an  integrator
problem (such as Verizon or Comacast), unless I am missing something.

For the integrator, it's a warning flag: "53 companies have made this same
identical mistake, don't be the 54th".

For the black hats, it's low-hanging fruit.


Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]