
DainBramaged

(39,191 posts)
1. The problem is, the system has to be so badly compromised that they could attack a singular PC
Wed Jan 30, 2013, 05:50 PM

There were holes discovered in Barracuda Networks hardware recently, all because they source product from China instead of the US.


https://krebsonsecurity.com/2013/01/backdoors-found-in-barracuda-networks-gear/


A variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.

Barracuda’s hardware devices are broadly deployed in corporate environments, including the Barracuda Web Filter, Message Archiver, Web Application Firewall, Link Balancer, and SSL VPN. Stefan Viehböck, a security researcher at Vienna, Austria-based SEC Consult Vulnerability Lab., discovered in November 2012 that these devices all included undocumented operating system accounts that could be used to access the appliances remotely over the Internet via secure shell (SSH).

Viehböck found that the username “product” could be used to login and gain access to the device’s MySQL database (root@localhost) with no password, which he said would allow an attacker to add new users with administrative privileges to the appliances. SEC Consult found a password file containing a number of other accounts and hashed passwords, some of which were uncomplicated and could be cracked with little effort.

Viehböck said he soon found that these devices all were configured out-of-the-box to listen for incoming SSH connections on those undocumented accounts, but that the devices were set to accept connection attempts only from Internet address ranges occupied by Barracuda Networks. Unfortunately, Barracuda is not the only occupant of these ranges. Indeed, a cursory lookup of the address ranges at network mapping site Robtex.com shows there are potentially hundreds of other companies running Web sites and other online operations in the same space.
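The allowlist problem the quoted article describes, as an added example that is not part of the original post or the Krebs article: given the source ranges a device accepts SSH from and the prefixes the vendor actually controls, report every allowed block that belongs to someone else. All ranges below are constructed documentation addresses (RFC 5737), not Barracuda's real ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not real vendor ranges.
ALLOWLIST = ["198.51.100.0/24", "203.0.113.0/24", "192.0.2.16/28"]  # sources the device accepts SSH from
VENDOR_OWNED = ["198.51.100.0/26", "192.0.2.0/24"]                  # prefixes the vendor actually controls


def audit_allowlist(allowlist, vendor_owned):
    """Return {allowed_cidr: [sub-prefixes not controlled by the vendor]}.

    An entry with no leftover prefixes is fully covered and is not reported.
    """
    owned = [ipaddress.ip_network(n) for n in vendor_owned]
    findings = {}
    for entry in allowlist:
        remaining = [ipaddress.ip_network(entry)]
        for own in owned:
            leftover = []
            for net in remaining:
                if net.version != own.version or not net.overlaps(own):
                    leftover.append(net)        # this owned prefix does not touch it
                elif net.subnet_of(own):
                    continue                    # fully inside vendor space
                else:
                    # the owned prefix sits strictly inside net: keep the rest
                    leftover.extend(net.address_exclude(own))
            remaining = leftover
        if remaining:
            findings[entry] = sorted(remaining)
    return findings


def exposed_addresses(findings):
    """Count the allowed source addresses that fall outside vendor-controlled space."""
    return sum(net.num_addresses for nets in findings.values() for net in nets)


if __name__ == "__main__":
    result = audit_allowlist(ALLOWLIST, VENDOR_OWNED)
    for entry, gaps in result.items():
        print(f"{entry}: not vendor-controlled -> {', '.join(map(str, gaps))}")
    print("addresses allowed but not vendor-controlled:", exposed_addresses(result))
```
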
