Ars breaks Misfortune Cookie vulnerability news to public
frnkblk at iname.com
Sat Dec 20 03:18:06 UTC 2014
On what basis do you assume that there is TR-069 support in these routers? And even if there is, that the service provider manages them via TR-069?
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Eric Tykwinski
Sent: Friday, December 19, 2014 6:47 PM
To: Jay Ashworth
Subject: Re: Ars breaks Misfortune Cookie vulnerability news to public
Here’s the thing I don’t get… You have X provider supplying routers with vulnerable firmware that have remote support (TR-069) enabled.
Why would Check Point not at least name and shame, instead of trying to market their security? I know the hack is old, but grandma isn’t probably up to date on the latest firmware that should have been upgrade through TR-069. I’m honestly more upset with the reporting than the normal residential cpe didn’t get upgraded.
But yeah, Happy Holidays everyone...
> On Dec 19, 2014, at 5:54 PM, Jay Ashworth <jra at baylink.com> wrote:
> While the flaw is 12 years old and the fix 9, the article suggests that
> firmware for consumer routers may yet be being built with the vulnerable
> webserver code baked in.
> If you are responsible for lots of eyeballs you might want to look at this.
> Have a nice Christmas weekend. :-)
> -- jra
> Jay R. Ashworth Baylink jra at baylink.com
> Designer The Things I Think RFC 2100
> Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the NANOG