[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported

To: "worried security" <worriedsecurity@xxxxxxxxxxxxxx>, full-disclosure-bounces@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported
From: gjgowey@xxxxxxxxxxxxxxxxxx
Date: Fri, 12 Oct 2007 22:27:31 +0000

I'm wondering if this is like some of the home based router problems of the 
past.  I seem to recall that it was maybe netgear that once had a problem where 
it didn't get rid of the factory password even after the end user set a new 
one, another brand had a problem where the cgi-bin dir was not properly 
protected, and another brand used to have a problem where the accessibility of 
the web based config interface was unaffected by any settings that the user 
might make.  Another words, this might be some previously discovered 
vulnerability for another product that someone realized affects this product 
too.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "worried security" <worriedsecurity@xxxxxxxxxxxxxx>

Date: Fri, 12 Oct 2007 23:05:22 
To:full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] gnucitizen bt home hub latest,
        attacks wide spread, outages reported


On 10/12/07, Valery Marchuk <tecklord@xxxxxxxxxxxxxx
 <mailto:tecklord@xxxxxxxxxxxxxx> > wrote: > gnucitizen may be responible for 
bt being under a massive attack right
> now.
Oh my God, people stop talking nonsense! 


Have you seen the video provided by gnusitizen.org <http://gnusitizen.org/>  
with demonstration of
this attack or read the vulnerability description? 

The guy sends a link to victim, victim visits this link and bam. we see the 
IP address of the router (there are many ways to get his information. I`m
not familiar with BT products, so I won`t try to guess which way was used). 
Then, we see, how attacker is trying to get access to the device via web 
interface, then we see an authentication dialog, which is bypassed via
default password or through a bug in authentication mechanism. That's it. 
  
I said "maybe responisble". 
  
and you think it hasn't tipped off hackers such as the folks as StrikeCenter 
https://strikecenter.bpointsys.com/
 <https://strikecenter.bpointsys.com/>  who love to reverse engineer patches, 
videos and other stuff. 
  
plus, we don't all know whats available "underground", so perhaps a 0-day 
exploit is in the wild? Because perhaps a hacker has worked out the how to 
exploit the hole from the reported vulnerability seen on gnucitizen. 
  
just because the full exploit isn't on gnucitizen website doesn't mean their 
tip off hasn't led to hackers and script kids focusing on the router to work 
out whats going on. 
  
and if someone does work out the exploit for the vulnerability, its very 
serious. 
  
i don't think gnucitizen are totally in the clear of responsibility if this 
does get out of hand. 
  
no one has come out to confirm or deny that there is a wide spread attack on 
these bt home hub routers yet, a very slow response from this list on the 
matter, i'm not impressed. 
  
i didn't say there was an attack, i just heard a news report very quickly and i 
wanted the bbc or someone on the list to confirm the story, but no one can be 
bothered at this stage to listen to anything i've got to say on the matter. 
  
leave me alone and stop attacking me all the time, when all i'm doing is trying 
to help. 
  
should i of just ignored what i heard on the radio then? 
  
i think this kind of report i heard is a serious one that needs to be 
clarified, and if no one takes me seriously then so be it, but at least i tried 
to alert the security community about what i heard on bbc radio 1. 
  
hopefully though the big corporations on this list have connected up a bt home 
hub router to the internet and are monitoring it for cyber attacks, which maybe 
attacking the routers firmware. 
  
and i wasn't intentionally trying to confuse, disinformation or just generally 
waste everyones time if it does turn out there are no attacks taking place. 
  
even if there are none cyber attacks taking place, it doesn't say there won't 
be any in the future, so get on top of this now. 
  
hopefully bt will roll out firmware updates very shortly. 
  
and for years now i've questioned how much researchers should take part of the 
blame when hackers or script kids attack the internet after a researcher 
discloses information, not just today. 
  
if cyber attacks with the bt home hub router do happen or have happened, in my 
own mind i will think gnucitizen triggered off the whole event sequence, even 
if they didn't directly provide the exploit, they certainly tipped hackers and 
script kids off. _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported
  - From: worried security
- Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported
  - From: worried security

Prev by Date: Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported
Next by Date: Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported
Previous by thread: Re: [Full-disclosure] gnucitizen bt home hub latest, attacks wide spread, outages reported
Next by thread: [Full-disclosure] [USN-530-1] hplip vulnerability
Index(es):
- Date
- Thread