No subject
Mon Feb 7 10:29:41 EST 2005
>V. Commentary and Observations > >It is remarkable that for every method
provided for accessing the box >(HTTP,TELNET, FTP, and TFTP) it is
possible to directly bypass any >access controls the owner may try to put
in place. > >It seems very poor form to let a user set a password that
they believe >will be enforced while deliberately leaving such a back
door, >especially given that there are other (well documented) mechanisms
for >clearing or resetting a password should it become lost. > >A
malicious firmware load could be carried as a worm or virus payload >to a
host on the inside Ethernet, and could survive the eradication of >the
worm or virus on the host platform. >
I believe that if you are running one of these modems piggy back over a
voice line that is possible to eavesdrop on conversations taking place
within earshot of the phone. I cannot vouch for this though.
If this is of great concern to you your safest bet is probably to get a
new modem.
More information about the OCLUG
mailing list