Linksys WRT54g security

Discussion in 'NZ Computing' started by KewlKiwi, Oct 1, 2005.

  1. KewlKiwi

    KewlKiwi Guest

    See:

    <http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124857,00.html?track=NL-105&ad=529860>

    or http://tinyurl.com/a736k
     
    KewlKiwi, Oct 1, 2005
    #1
    1. Advertising

  2. In article <433e447a$>, KewlKiwi <>
    wrote:

    ><http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124857
    >,00.html?track=NL-105&ad=529860>


    That article is dated over two weeks ago. And guess what
    <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    released from four days ago.

    Things move fast in the open-source world...
     
    Lawrence D'Oliveiro, Oct 1, 2005
    #2
    1. Advertising

  3. KewlKiwi

    Mercury Guest

    so much for your many eyes theory then. how do you explain the exploit being
    there in the first place?

    "Things move fast in the open-source world..."

    hmmm. fix on fail? superior coding, best programmers, least code flaws?

    "Lawrence D'Oliveiro" <_zealand> wrote in message
    news:...
    > In article <433e447a$>, KewlKiwi <>
    > wrote:
    >
    >><http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124857
    >>,00.html?track=NL-105&ad=529860>

    >
    > That article is dated over two weeks ago. And guess what
    > <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    > dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    > ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    > released from four days ago.
    >
    > Things move fast in the open-source world...
     
    Mercury, Oct 1, 2005
    #3
  4. In article <dhlmvq$o64$>, "Mercury" <>
    wrote:

    >so much for your many eyes theory then. how do you explain the exploit being
    >there in the first place?
    >
    >"Things move fast in the open-source world..."
    >
    >hmmm. fix on fail? superior coding, best programmers, least code flaws?
    >
    >"Lawrence D'Oliveiro" <_zealand> wrote in message
    >news:...
    >> In article <433e447a$>, KewlKiwi <>
    >> wrote:
    >>
    >>><http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci11248
    >>>57
    >>>,00.html?track=NL-105&ad=529860>

    >>
    >> That article is dated over two weeks ago. And guess what
    >> <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    >> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    >> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    >> released from four days ago.
    >>
    >> Things move fast in the open-source world...


    Better than not fixing the problem at all
    <http://groups.google.co.nz/group/nz.comp/msg/0b84b3efc7ec5ce4>...
     
    Lawrence D'Oliveiro, Oct 1, 2005
    #4
  5. KewlKiwi

    -=rjh=- Guest

    Lawrence D'Oliveiro wrote:
    > In article <433e447a$>, KewlKiwi <>
    > wrote:
    >
    >
    >><http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124857
    >>,00.html?track=NL-105&ad=529860>

    >
    >
    > That article is dated over two weeks ago. And guess what
    > <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    > dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    > ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    > released from four days ago.
    >
    > Things move fast in the open-source world...


    Not sure where you are seeing that: the firmware version that fixes all
    these vulnerabilities appears to be 4.20.7 which is dated 25/8/2005,
    with nothing newer that I can see. So this was fixed five weeks ago, ie
    3 weeks before the article.

    I've got a GS, which doesn't appear to be affected but hard to be sure.

    Also, since this is a security issue, why are owners dependent on chance
    mentions in media and newsgroups to be made aware of these issues? The
    industry really needs to get its act together on this kind of thing. For
    example, why can't the AP have an option to check for updates or
    information and add it to the logs?
     
    -=rjh=-, Oct 1, 2005
    #5
  6. KewlKiwi

    Richard Guest

    -=rjh=- wrote:
    > Lawrence D'Oliveiro wrote:
    >
    >> In article <433e447a$>, KewlKiwi <>
    >> wrote:
    >>
    >>
    >>> <http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124857
    >>>
    >>> ,00.html?track=NL-105&ad=529860>

    >>
    >>
    >>
    >> That article is dated over two weeks ago. And guess what
    >> <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    >> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    >> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    >> released from four days ago.
    >>
    >> Things move fast in the open-source world...

    >
    >
    > Not sure where you are seeing that: the firmware version that fixes all
    > these vulnerabilities appears to be 4.20.7 which is dated 25/8/2005,
    > with nothing newer that I can see. So this was fixed five weeks ago, ie
    > 3 weeks before the article.
    >
    > I've got a GS, which doesn't appear to be affected but hard to be sure.
    >
    > Also, since this is a security issue, why are owners dependent on chance
    > mentions in media and newsgroups to be made aware of these issues? The
    > industry really needs to get its act together on this kind of thing. For
    > example, why can't the AP have an option to check for updates or
    > information and add it to the logs?


    All those flaws are in the web interface on the router, and if someone has
    access to that then you already have problems because they are _on your lan_ -
    It will however be of concern if you have the remote administration turned on
    however.
     
    Richard, Oct 2, 2005
    #6
  7. In article <433e739c$>, -=rjh=- <>
    wrote:

    >Lawrence D'Oliveiro wrote:
    >> In article <433e447a$>, KewlKiwi <>
    >> wrote:
    >>
    >>><http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci11248
    >>>57
    >>>,00.html?track=NL-105&ad=529860>

    >>
    >>
    >> That article is dated over two weeks ago. And guess what
    >> <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    >> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    >> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    >> released from four days ago.
    >>
    >> Things move fast in the open-source world...

    >
    >Not sure where you are seeing that: the firmware version that fixes all
    >these vulnerabilities appears to be 4.20.7 which is dated 25/8/2005,
    >with nothing newer that I can see. So this was fixed five weeks ago, ie
    >3 weeks before the article.


    See, things move *really* fast in the open-source world. :)

    >I've got a GS, which doesn't appear to be affected but hard to be sure.
    >
    >Also, since this is a security issue, why are owners dependent on chance
    >mentions in media and newsgroups to be made aware of these issues? The
    >industry really needs to get its act together on this kind of thing. For
    >example, why can't the AP have an option to check for updates or
    >information and add it to the logs?


    I suppose this could be added in one of the third-party firmware distros.

    Or alternatively, why not just have one of your actual PCs set up to do
    the check...
     
    Lawrence D'Oliveiro, Oct 2, 2005
    #7
  8. KewlKiwi

    Mercury Guest

    now explain the exploit.

    "Lawrence D'Oliveiro" <_zealand> wrote in message
    news:...
    > In article <dhlmvq$o64$>, "Mercury" <>
    > wrote:
    >
    >>so much for your many eyes theory then. how do you explain the exploit
    >>being
    >>there in the first place?
    >>
    >>"Things move fast in the open-source world..."
    >>
    >>hmmm. fix on fail? superior coding, best programmers, least code flaws?
    >>
    >>"Lawrence D'Oliveiro" <_zealand> wrote in message
    >>news:...
    >>> In article <433e447a$>, KewlKiwi <>
    >>> wrote:
    >>>
    >>>><http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci11248
    >>>>57
    >>>>,00.html?track=NL-105&ad=529860>
    >>>
    >>> That article is dated over two weeks ago. And guess what
    >>> <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    >>> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    >>> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    >>> released from four days ago.
    >>>
    >>> Things move fast in the open-source world...

    >
    > Better than not fixing the problem at all
    > <http://groups.google.co.nz/group/nz.comp/msg/0b84b3efc7ec5ce4>...
     
    Mercury, Oct 4, 2005
    #8
  9. KewlKiwi

    shannon Guest

    Mercury wrote:
    > now explain the exploit.
    >


    why bother
    read setup recommendations
    turn on encryption
    disable wireless access to web interface
     
    shannon, Oct 4, 2005
    #9
  10. In article <dht964$t1m$>, "Mercury" <>
    wrote:

    >now explain the exploit.
    >
    >"Lawrence D'Oliveiro" <_zealand> wrote in message


    Why,

    >news:...
    >> In article <dhlmvq$o64$>, "Mercury" <>
    >> wrote:
    >>
    >>>so much for your many eyes theory then. how do you explain the exploit
    >>>being
    >>>there in the first place?


    don't

    >>>
    >>>"Things move fast in the open-source world..."
    >>>
    >>>hmmm. fix on fail? superior coding, best programmers, least code flaws?
    >>>
    >>>"Lawrence D'Oliveiro" <_zealand> wrote in message
    >>>news:...
    >>>> In article <433e447a$>, KewlKiwi <>


    you

    >>>> wrote:
    >>>>
    >>>>><http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci112
    >>>>>48
    >>>>>57
    >>>>>,00.html?track=NL-105&ad=529860>
    >>>>
    >>>> That article is dated over two weeks ago. And guess what


    understand

    >>>> <http://www.linksys.com/servlet/Satellite?childpagename=US/Layout&packe
    >>>> dargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1127782957298&pagen
    >>>> ame=Linksys%2FCommon%2FVisitorWrapper>: there is already new firmware
    >>>> released from four days ago.
    >>>>
    >>>> Things move fast in the open-source world...

    >>
    >> Better than not fixing the problem at all
    >> <http://groups.google.co.nz/group/nz.comp/msg/0b84b3efc7ec5ce4>...


    it?
     
    Lawrence D'Oliveiro, Oct 5, 2005
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David Lipetz
    Replies:
    2
    Views:
    2,373
    David Lipetz
    Aug 26, 2004
  2. Marcel Bernards
    Replies:
    4
    Views:
    4,729
    Marcel Bernards
    Sep 11, 2004
  3. David Lipetz
    Replies:
    20
    Views:
    2,990
    Chris H.
    Sep 7, 2004
  4. =?Utf-8?B?Q2F2?=

    Linksys WRT54G and WPC54G network problems

    =?Utf-8?B?Q2F2?=, Oct 9, 2004, in forum: Wireless Networking
    Replies:
    5
    Views:
    5,674
    Tanya
    Oct 31, 2004
  5. Neil Barras

    Linksys WRT54G as a repeater or print server?

    Neil Barras, Nov 29, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    9,682
    Duane Arnold
    Nov 30, 2004
Loading...

Share This Page