bcoz we like the yellow fellow not the copycat blue bear

I'm curious what kind of lame ass response will tmnut give

TMnet cable fault.. in your router.

TheStar has the news as well.

http://techcentral.my/news/story.aspx?file...235&sec=IT_News

Will TMNet sue "rizvanrp" for exposing them? maybe say he is defaming TMNet?

he is stating a fact/truth. he has nothing to worry about. tm should thank him.

I was reading:
http://www.themalaysianinsider.com/malaysi...hacking-spying/
and the link leads me to here....

How ignorant yet stupid enough to turn-on remote access with guessable or findable password.... this is terrible .... what the hell TM is doing ??

I must thank "rizvanrp" for discovering the facts
at least now the public know TM is trying to do some funny things at out back-door without our knowledge.

Butthurt companies dont like the truth where it hurts them at their pockets and reputation. A lawsuit may happen.

Unifi ‘backdoor’ allows hacking, spying

http://blog.limkitsiang.com/2010/06/02/uni...hacking-spying/

read the first comment in the blog. carboncopy is wondering whether unifi users can file class action suit against tm LOL.

on the other hand i wonder what other manufacturers like linksys, aztech for eg think about unifi and the dir-615 exclusivity.



This post has been edited by almaty: Jun 2 2010, 07:59 PM

how to sue. Do they know rizvanrp in the first place? And to they know that they violate their own T&C ?

i guess the challenger has blown up now. Wonder how the TM team gonna solve this

lol from TM's tweet
http://bit.ly/a4h2qs

News Release

2 June 2010


STATEMENT


Telekom Malaysia Berhad ™ wishes to clarify the concerns raised by various parties with regards to the remote accessibility of UniFi routers which are part of the customer premises equipment (CPE) for all UniFi subscribers.

TM would like to assure all concerned parties that the only reason the UniFi router setting for remote access is enabled is for remote access troubleshooting purposes for the express use of our technical support personnel. In the event there is a technical support issue with any of our UniFi subscribers; at the first level of troubleshooting, TM’s network operation centre (NOC) can immediately remotely diagnose the problem before sending a support team on-site.

TM takes note of the security concerns that have been raised, and we have taken these issues to heart.

TM also acknowledges that there is a need to balance the public’s level of comfort with regards to security and privacy and TM’s own commitment to faster support turnaround time. As such, TM would like to maintain the higher level of service enabled by remote access management on customer routers, and in recognition of that TM will immediately change every UniFi customers’ router management password into a high security, unique one (which will be only known to the customer and TM). TM will notify all our Unifi customers of this change accordingly.

Suing a forummer is an easy task. All u need is police report and/or lawyers letter to demand such, and can hold this forum board accountable.

So if want to say something bad about TMnet, careful la. Now all blogs and news site points to this thread...so careful abit.

---

Added on June 2, 2010, 7:56 pmNot good enough

Remote access should only be granted on a need to bases by the client, and no TM staff should know nor be allowed such access unless explicitly granted.

They still want to maintain it. How can they assure that their TM staff dont exploit it?

This post has been edited by ayamkambing: Jun 2 2010, 07:56 PM

Actually they also did this on their corporate customer it just ur router username n password . Nobody can install anything into it . Even default username n password for Streamyx are also unsecured if u set the modem dial and store ur password in there

rizvanrp really famous this time..
TM screw up..

MX there's a difference between their Riger DSL modem which is pretty crappy and only has a web UI compared to a custom made DLINK DIR-615 with full SSH access.. full SSH access you can SSH tunnel.. you can view the conntrack table.. you can modify the iptables and DNS servers to redirect users to phishing sites..

exactly. totally agree with you on this.

example...employee plans to leave tm or finds out he is getting fired etc...he starts to collect user/pwd

Sir, this is very greek to me.

MX will understand