[Sussex] JavaScript is no longer secure: TURN IT OFF NOW!
Steven Dobson
steve at dobson.org
Sun Aug 13 10:14:12 UTC 2006
On Sun, 2006-08-13 at 11:06 +0100, Nicholas Butler wrote:
> So is it not therefore better to
>
> 1) switch off upnp configuration on all network devices.
This is something you should do anyway.
> 2) change the default passwords on your router
Don't all the manuals that come with a router say to change the default
passwords as the first part of configuing the device?
> 3) err not use linksys ?
Well the bug was found six months ago and Linksys was told of it then.
If they are not going to fix bugs then all that can be done is to go
public about the bug so we all know _not_ to use Linksys if we want
security.
> I ran the test proof of concept and it did not discover anything on my
> network. Missing the router/apache webserver and local iis server on my
> XP box.
Found everything on mine.
Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.lug.org.uk/pipermail/sussex/attachments/20060813/daf2a64f/attachment.pgp
More information about the Sussex
mailing list