North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical ABOVE.NET SECURITY TRUTHS?
> > I guess by now everyone knows what happened. Paul, can you share some info > > with the rest of us about what the vulnerability was so we can "plug the > > hole"? > > "Plug the hole" was a figure of speech. You pretty much all know that if > MFN/Abovenet suspected a way in which other providers were vulnerable, we'd > have shared that information with you (privately) by now. > -- > Paul Vixie <[email protected]> > SVP for Internet Services, MFNX HAHAHA the reason no other provider is vulnerable is because no other provider with half a clue has the same simple login and enable "p4ssw0rds" on all their switches, and internal machines in their sjc facilities on hubs. What does one expect will happen when their switch passwords become public knowledge? The funny thing is the passwords were originally sniffed by MafiaBoy. There's no need to "privately" share a fix/hole in this case. The ENTIRE problem here, is above's total inability to secure their own switches. And it SHOULD be public. People who control literally MILLIONS OF DOLLARS of other people's data per second NEED to learn, that CORE NETWORKS NEED TO BE PROTECTED. (i.e. CHANGING PASSWORDS, NOT PERMITTING "COMMON PASSWORDS") I hope we ALL learn a lesson from this. __________________________________________________ Do You Yahoo!? Talk to your friends online and get email alerts with Yahoo! Messenger. http://im.yahoo.com/
|