<br><br>
<div><span class="gmail_quote">On 10/12/07, <b class="gmail_sendername">Valery Marchuk</b> <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:tecklord@securitylab.ru" target="_blank">tecklord@securitylab.ru
</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">> gnucitizen may be responible for bt being under a massive attack right<br>> now.<br>Oh my God, people stop talking nonsense!
<br><br><br>Have you seen the video provided by <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://gnusitizen.org/" target="_blank">gnusitizen.org</a> with demonstration of<br>this attack or read the vulnerability description?
<br><br>The guy sends a link to victim, victim visits this link and bam. we see the <br>IP address of the router (there are many ways to get his information. I`m<br>not familiar with BT products, so I won`t try to guess which way was used).
<br>Then, we see, how attacker is trying to get access to the device via web <br>interface, then we see an authentication dialog, which is bypassed via<br>default password or through a bug in authentication mechanism. That's it.
</blockquote>
<div> </div>
<div>I said "maybe responisble".</div>
<div> </div>
<div>and you think it hasn't tipped off hackers such as the folks as StrikeCenter <a onclick="return top.js.OpenExtLink(window,event,this)" href="https://strikecenter.bpointsys.com/" target="_blank">https://strikecenter.bpointsys.com/
</a> who love to reverse engineer patches, videos and other stuff. </div>
<div> </div>
<div>plus, we don't all know whats available "underground", so perhaps a 0-day exploit is in the wild? Because perhaps a hacker has worked out the how to exploit the hole from the reported vulnerability seen on gnucitizen.
</div>
<div> </div>
<div>just because the full exploit isn't on gnucitizen website doesn't mean their tip off hasn't led to hackers and script kids focusing on the router to work out whats going on.</div>
<div> </div>
<div>and if someone does work out the exploit for the vulnerability, its very serious.</div>
<div> </div>
<div>i don't think gnucitizen are totally in the clear of responsibility if this does get out of hand.</div>
<div> </div>
<div>no one has come out to confirm or deny that there is a wide spread attack on these bt home hub routers yet, a very slow response from this list on the matter, i'm not impressed.</div>
<div> </div>
<div>i didn't say there was an attack, i just heard a news report very quickly and i wanted the bbc or someone on the list to confirm the story, but no one can be bothered at this stage to listen to anything i've got to say on the matter.
</div>
<div> </div>
<div>leave me alone and stop attacking me all the time, when all i'm doing is trying to help.</div>
<div> </div>
<div>should i of just ignored what i heard on the radio then? </div>
<div> </div>
<div>i think this kind of report i heard is a serious one that needs to be clarified, and if no one takes me seriously then so be it, but at least i tried to alert the security community about what i heard on bbc radio 1.
</div>
<div> </div>
<div>hopefully though the big corporations on this list have connected up a bt home hub router to the internet and are monitoring it for cyber attacks, which maybe attacking the routers firmware.</div>
<div> </div>
<div>and i wasn't intentionally trying to confuse, disinformation or just generally waste everyones time if it does turn out there are no attacks taking place.</div>
<div> </div>
<div>even if there are none cyber attacks taking place, it doesn't say there won't be any in the future, so get on top of this now.</div>
<div> </div>
<div>hopefully bt will roll out firmware updates very shortly.</div>
<div> </div>
<div>and for years now i've questioned how much researchers should take part of the blame when hackers or script kids attack the internet after a researcher discloses information, not just today.</div>
<div> </div>
<div>if cyber attacks with the bt home hub router do happen or have happened, in my own mind i will think gnucitizen triggered off the whole event sequence, even if they didn't directly provide the exploit, they certainly tipped hackers and script kids off.
</div></div>