[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: re Security flaw found in Alcatel's high-speed modems:
>From: "Geoff Mulligan" <geoff@mulligan.com> >To: <farber@cis.upenn.edu> >Subject: RE: re Security flaw found in Alcatel's high-speed modems: >[risks] Risks Digest 21.35 >Date: Mon, 23 Apr 2001 19:33:22 -0600 >X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) >Importance: Normal > >Well Dave, this then is an understatement. > >Having helped Tsutomu work on this, I can tell you that the modem can be >completely compromised such that you can have it capture all traffic in and >out of the network and all traffic on the lan connected to the modem. In >addition since it is possible to overwrite the firmware, not just with >"garbage" but with a "revised" version of working code, this penetration of >the network (maybe not the systems) is rather complete. > >What is most disconcerting about this security flaw, is that it seems it was >designed into the modem and is wide open back door for anyone to "snoop" >your data. I think it is unconscionable that a modem manufacturer would >purposefully install a "secret" back door. > >I don't know if you were able to see the original word document that I sent >you a pointer to that included the revisions. If you'd like to, let me >know. I saved a copy. > > geoff > >-----Original Message----- >From: owner-ip-sub-1@admin.listbox.com >[mailto:owner-ip-sub-1@admin.listbox.com]On Behalf Of Dave Farber >Sent: Monday, April 23, 2001 7:24 PM >To: ip-sub-1@majordomo.pobox.com >Subject: IP: re Security flaw found in Alcatel's high-speed modems: >[risks] Risks Digest 21.35 > > > > >Date: Mon, 23 Apr 2001 21:19:42 -0400 (EDT) > >From: elijah wright <elw@stderr.org> > >To: farber@cis.upenn.edu > >Subject: Re: IP: Security flaw found in Alcatel's high-speed modems: >[risks] > > Risks Digest 21.35 > > > > > > > >Computer Emergency Response Team. The point, continued Liberation, is > > > >simple. Anyone can penetrate a computer system linked to the Internet >by > > > >Alcatel 1000 ADSL and Speed Touch Home modems. > > > >this is a publicity-seeking overstatement, dave- the bugtraq reports have > >stated that the modems are vulnerable to remote control by an attacker, > >not the systems attached to the modems. for example, a remote attacker > >can disable your modem completely, possibly overwriting the firmware > >on-board the modem itself with garbage. > > > >essentially, this is an inflated report of vulnerability in a product that > >doesn't even directly interact with the functionality that would be > >affected by an attempted 'penetration'- at least, not as we typically > >refer to intrusions... > > > >elijah > > > >For archives see: http://www.interesting-people.org/ For archives see: http://www.interesting-people.org/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC