[176938] in North American Network Operators' Group
RE: Ars breaks Misfortune Cookie vulnerability news to public
daemon@ATHENA.MIT.EDU (Frank Bulk)
Fri Dec 19 22:18:17 2014
X-Original-To: nanog@nanog.org
From: "Frank Bulk" <frnkblk@iname.com>
To: "'Eric Tykwinski'" <eric-list@truenet.com>
In-Reply-To: <B8648808-691A-4772-9535-2D2AA331A7BF@truenet.com>
Date: Fri, 19 Dec 2014 21:18:06 -0600
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On what basis do you assume that there is TR-069 support in these =
routers? And even if there is, that the service provider manages them =
via TR-069?
Frank
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Eric Tykwinski
Sent: Friday, December 19, 2014 6:47 PM
To: Jay Ashworth
Cc: NANOG
Subject: Re: Ars breaks Misfortune Cookie vulnerability news to public
Here=E2=80=99s the thing I don=E2=80=99t get=E2=80=A6 You have X =
provider supplying routers with vulnerable firmware that have remote =
support (TR-069) enabled.
Why would Check Point not at least name and shame, instead of trying to =
market their security? I know the hack is old, but grandma =
isn=E2=80=99t probably up to date on the latest firmware that should =
have been upgrade through TR-069. I=E2=80=99m honestly more upset with =
the reporting than the normal residential cpe didn=E2=80=99t get =
upgraded.
But yeah, Happy Holidays everyone...
Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
F: 610-429-3222
> On Dec 19, 2014, at 5:54 PM, Jay Ashworth <jra@baylink.com> wrote:
>=20
> While the flaw is 12 years old and the fix 9, the article suggests =
that
> firmware for consumer routers may yet be being built with the =
vulnerable
> webserver code baked in.
>=20
> If you are responsible for lots of eyeballs you might want to look at =
this.
>=20
> =
http://arstechnica.com/security/2014/12/12-million-home-and-business-rout=
ers-vulnerable-to-critical-hijacking-hack/
>=20
> Have a nice Christmas weekend. :-)
>=20
> Cheers,
> -- jra
>=20
> --=20
> Jay R. Ashworth Baylink =
jra@baylink.com
> Designer The Things I Think =
RFC 2100
> Ashworth & Associates http://www.bcp38.info 2000 Land =
Rover DII
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 =
647 1274
