Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

darkskies
post May 30 2010, 12:23 AM


Yup, it's their death trap to get users into Unifi. After enough users they won't listen to any more complaints and will continue to do what they do to Streamyx users. What's more, it's a 2-year contract which you must be wary of. The price doesn't sound cheap when you terminate within 2 years.

Tmnet's greed has turned very ugly recently. Their technology and services still suck like before, but their strategy for marketing their failed products is improving. They know how to avoid complaints and cover up their problems perfectly.

This post has been edited by darkskies: May 30 2010, 12:28 AM
ysc
post May 30 2010, 12:26 AM

QUOTE(darkskies @ May 30 2010, 12:23 AM)
Yup, it's their death trap to get users into Unifi. After enough users they won't listen to any more complaints and will continue to do what they do to Streamyx users. What's more, it's a 2-year contract which you must be wary of. The price doesn't sound cheap when you terminate within 2 years.
The contract bandwidth cap thingy was removed after the QQ, but I think it'll come back soon.

edit- lol typo

This post has been edited by ysc: May 30 2010, 01:48 AM
ciohbu
post May 30 2010, 12:28 AM

QUOTE(darkskies @ May 30 2010, 12:23 AM)
Yup, it's their death trap to get users into Unifi. After enough users they won't listen to any more complaints and will continue to do what they do to Streamyx users. What's more, it's a 2-year contract which you must be wary of. The price doesn't sound cheap when you terminate within 2 years.
The worst thing is you have to pay, plus you will have high blood pressure dealing with their customer service within these 2 years :P
andrew9292
post May 30 2010, 12:29 AM

QUOTE
13.1 The Customer shall:-
not use the Service for any unlawful purpose including without limitation for any criminal purposes;
not use the Service to send unsolicited electronic messages or any message which is obscene, threatening or offensive on moral, religious, racial or political grounds to any person including a company or a corporation;
not compromise or infect any systems with computer viruses or otherwise;
not infringe any intellectual property rights of TM, its related companies and subsidiaries or any third party;
not gain unauthorised access to any computer system connected to the Internet or any information regarded as private by any person including a company or corporation;
not share the Service with any person including a company or corporation without the prior written approval of TM and shall use the Service only for the purpose for which it is subscribed;
not resell or sublet the Service to any third parties without prior written consent from TM; and,
not use the Service in any manner, which in the opinion of TM may adversely affect the use of the Service by other Customers or efficiency or security as a whole.


Probably why they put that up ;p

Okay, good job to TS for finding this major security risk, considering the number of IT grads and professionals out there these days...
But posting this here is actually publicity for this loophole.

Only those who come to LYN would find out about this, and if they are tech-savvy enough, they will know how to work around it to minimise the exposure risk as much as possible.

But again, if someone with unholy intentions stumbles upon this, it could mean disaster for those unaware and incapable of preventing it...

I would like to ask TS: now that you have found this out and posted it in public, what is your next step? Will you report it to the relevant authorities?
Otherwise the purpose of this thread will be:

1. Publicise a major loophole in UniFi
2. Give knowledgeable users the chance to avoid the risk, a really small number of people on LYN.
3. Expose a massive number of UniFi-ers to exploits...

So, just be aware of that. I'm no IT expert with any qualification, btw. TS, you're doing the right thing, salute! But there is still a loophole in what you are doing :P haha

This post has been edited by andrew9292: May 30 2010, 12:30 AM
darkskies
post May 30 2010, 12:32 AM

QUOTE(ysc @ May 30 2010, 12:26 AM)
The contract thingy was removed after the QQ, but I think it'll come back soon.
Bandwidth cap lifted, but not the contract. Check the Terms & Conditions on the website. They are not stupid enough to lift their contract, which is where their bait is going to be.
TSrizvanrp
post May 30 2010, 01:00 AM

QUOTE(andrew9292 @ May 30 2010, 12:29 AM)
Probably why they put that up ;p

Okay, good job to TS for finding this major security risk, considering the number of IT grads and professionals out there these days...
But posting this here is actually publicity for this loophole.

Only those who come to LYN would find out about this, and if they are tech-savvy enough, they will know how to work around it to minimise the exposure risk as much as possible.

But again, if someone with unholy intentions stumbles upon this, it could mean disaster for those unaware and incapable of preventing it...

I would like to ask TS: now that you have found this out and posted it in public, what is your next step? Will you report it to the relevant authorities?
Otherwise the purpose of this thread will be:

1. Publicise a major loophole in UniFi
2. Give knowledgeable users the chance to avoid the risk, a really small number of people on LYN.
3. Expose a massive number of UniFi-ers to exploits...

So, just be aware of that. I'm no IT expert with any qualification, btw. TS, you're doing the right thing, salute! But there is still a loophole in what you are doing :P haha
I spent some time thinking about it. There were a lot of things I took into consideration..

In the end I feel as though it's my duty to notify the community about these things. It's not my job to fix it, it's TM's job. If they had planned this through and allowed open access to their hardware in the first place, we wouldn't be in this mess. Why even bother putting the PPPoE server on VLAN 500? Why didn't they just not use any tagging in the first place? It wouldn't make a difference to them, but it would give their customers tons of new options and better security. It's because they chose to follow this closed method that all these flaws are starting to come out. If I'm not mistaken, I even mentioned on LYN in the first week I got Unifi that there's a telnet daemon on the set-top box and an SSH daemon on the DIR-615, and that it would only be a matter of time till someone found the keys.

It took me less than 2 months to completely break the system (from the user's end). Sure, I have a lot of experience in this field, but I'm just a final-year network security student and I did this in my free time because I was trying to help people @ LYN. 2 months in, however, all these flaws in their system start to get noticed. You hand this system to a professional blackhat hacker and the entire network is going to go down in a week or so.

I know sending a message to LYN isn't exactly sending a message to every Unifi user in Malaysia; there are tons of users (even TM staff) who have their routers exposed at the moment. Eventually, however, the word is going to get out. They will either patch their firmware 7.05 and fix it, or notify their technicians not to enable these particular features during install. The best-case scenario I can hope for is that they start doing installs with this secondary admin account, so people have full control over the hardware and service they're dishing out RM200+ a month for.

And you know, even though this 'fix' blocks WAN access.. I believe the SSH daemon is still running on the LAN subnet. It cannot be turned off without using the secondary admin account and logging into the SSH server using PuTTY or something. Those people who are running Unifi hotspots (aka kopitiam shops) are still vulnerable.

I know some of you are going to hate me with the typical 'why did you let others know' mentality.. but let's be honest here, just because I don't tell you something, it doesn't magically make it non-existent, okay? I'm not going to release the account details yet, and I'm hoping those of you who have also found this account won't either.. and I know that's not a perfect solution, but it's better than closing both your eyes and pretending there is no problem with the system.
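The check rizvanrp describes in the post above (an SSH daemon on the DIR-615, telnet on the set-top box, and a 'fix' that blocks WAN access while the daemon keeps listening on the LAN side) as an added example script; this is not code from the post, from TM or from D-Link. It probes the router's address as seen from each side for the two daemons and reads the SSH version string, which SSH servers send before the client says anything, so a box that is merely filtered on the WAN can be told apart from one where the daemon is really off. The gateway address 192.168.0.1, the standard ports 22 and 23, and the 'dropbear' banner sent by the offline stand-in daemon are assumptions for the demo, not facts from the thread.

```python
"""
Added example (not rizvanrp's, TM's or D-Link's code): probe a router's
LAN-side and WAN-side addresses for shell-management daemons (SSH, telnet)
and grab the SSH banner, so a box whose "fix" only filters the WAN can be
told apart from one where the daemon is actually disabled.

Assumed, not taken from the thread: the LAN gateway 192.168.0.1 used in the
usage comment, the standard ports 22/23, and the banner of the stand-in daemon.
"""
import socket
import threading
from typing import Dict, List, Optional, Tuple

MANAGEMENT_PORTS = {22: "ssh", 23: "telnet"}


def probe(host: str, port: int, timeout: float = 2.0) -> Tuple[bool, Optional[str]]:
    """Connect to host:port and read whatever the service says first.

    SSH servers speak first (an 'SSH-2.0-...' version string, RFC 4253), so a
    short read right after connect identifies them. Telnet may send IAC
    negotiation bytes or nothing at all, so an open port can still give
    banner=None. Returns (reachable, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(128)
            except socket.timeout:
                data = b""
        banner = data.decode("ascii", "replace").strip() or None
        return True, banner
    except OSError:  # refused, unreachable, or filtered (connect timed out)
        return False, None


def audit(hosts: Dict[str, str], ports: Dict[int, str] = MANAGEMENT_PORTS,
          timeout: float = 2.0) -> Dict[str, Dict[int, dict]]:
    """hosts maps a side label ('lan', 'wan') to the router address seen from
    that side. Returns {side: {port: {service, open, banner}}}."""
    report: Dict[str, Dict[int, dict]] = {}
    for side, host in hosts.items():
        report[side] = {}
        for port, service in ports.items():
            is_open, banner = probe(host, port, timeout)
            report[side][port] = {"service": service, "open": is_open, "banner": banner}
    return report


def exposed(report: Dict[str, Dict[int, dict]]) -> List[Tuple[str, int, Optional[str]]]:
    """Every (side, port, banner) that answered; an empty list means neither
    daemon is reachable from either side probed."""
    return [(side, port, info["banner"])
            for side, ports in report.items()
            for port, info in ports.items() if info["open"]]


def fake_ssh_daemon(banner: bytes = b"SSH-2.0-dropbear_0.52\r\n") -> Tuple[threading.Event, int]:
    """Constructed stand-in for the router's SSH daemon on 127.0.0.1 (ephemeral
    port) so the audit can be exercised without a real DIR-615. The banner text
    is invented for the demo. Returns (stop_event, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)  # real sshd/dropbear sends its version line first
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return stop, srv.getsockname()[1]


def unused_port() -> int:
    """A localhost port with nothing listening, to show the 'closed' case."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Offline demo against the stand-in. Against a real box, run something like
    # audit({"lan": "192.168.0.1"}) from a LAN client and audit({"wan": "<public IP>"})
    # from outside, then compare which sides still list port 22.
    stop, ssh_port = fake_ssh_daemon()
    demo = audit({"lan": "127.0.0.1"}, ports={ssh_port: "ssh", unused_port(): "telnet"})
    for side, port, banner in exposed(demo):
        print(f"{side}: port {port} open, banner={banner!r}")
    stop.set()
```

Run it once from a client on the LAN and once from outside against the WAN address. If the LAN run still lists port 22 while the WAN run does not, the daemon is filtered rather than disabled, which is exactly the hotspot (kopitiam) situation rizvanrp raises: anyone on the shop's Wi-Fi can still reach it.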
squall0833
post May 30 2010, 01:00 AM

This is bad, forced to use a device that's less secure than a usual device.

:D Good job rivan, nice find.
Moogle Stiltzkin
post May 30 2010, 01:00 AM

QUOTE(andrew9292 @ May 30 2010, 12:29 AM)
Probably why they put that up ;p

Okay, good job to TS for finding this major security risk, considering the number of IT grads and professionals out there these days...
But posting this here is actually publicity for this loophole.

Only those who come to LYN would find out about this, and if they are tech-savvy enough, they will know how to work around it to minimise the exposure risk as much as possible.

But again, if someone with unholy intentions stumbles upon this, it could mean disaster for those unaware and incapable of preventing it...

I would like to ask TS: now that you have found this out and posted it in public, what is your next step? Will you report it to the relevant authorities?
Otherwise the purpose of this thread will be:

1. Publicise a major loophole in UniFi
2. Give knowledgeable users the chance to avoid the risk, a really small number of people on LYN.
3. Expose a massive number of UniFi-ers to exploits...

So, just be aware of that. I'm no IT expert with any qualification, btw. TS, you're doing the right thing, salute! But there is still a loophole in what you are doing :P haha
No no, I think it was right making this public. Maybe this will get into The Star and we can pressure TMnut to let their users use their own routers.

If we do have any problem, we would call the TMnut helpline 100 and they can send a technician over. No need to expose our security just for that.


So anyway, anyone working for the newspaper, please copy and paste riv's statement into the news, thx. A good headline would be "TMnut obsession with control leads to security loophole for Unifi consumer and business users alike"

This post has been edited by Moogle Stiltzkin: May 30 2010, 01:03 AM
darkskies
post May 30 2010, 01:11 AM

QUOTE(Moogle Stiltzkin @ May 30 2010, 01:00 AM)
No no, I think it was right making this public. Maybe this will get into The Star and we can pressure TMnut to let their users use their own routers.

If we do have any problem, we would call the TMnut helpline 100 and they can send a technician over. No need to expose our security just for that.
So anyway, anyone working for the newspaper, please copy and paste riv's statement into the news, thx. A good headline would be "TMnut obsession with control leads to security loophole for Unifi consumer and business users alike"
It'll never appear in the news. Everything is controlled. The only way is to discourage users from signing up for Unifi. Money is still the best way to deal with them, rather than going on with complaints. If they are still earning money they'll just continue to do what they want. Once their budget is blown, they'll learn their lesson.
Neptern
post May 30 2010, 01:16 AM

Yeah, keeping quiet won't solve anything. It is better to know than to mati katak (die for nothing) for Unifi users. Good job.
AZNo.O
post May 30 2010, 01:18 AM

Thanks rivanvp.
Time to fire up my BackTrack.
celicaizpower
post May 30 2010, 01:25 AM

Hi guys,

I think, as @Riz already mentioned, as a Unifi owner do you think you can SUE TMNUT?

Ermmm.. food for thought.
ysc
post May 30 2010, 01:47 AM

QUOTE(darkskies @ May 30 2010, 12:32 AM)
Bandwidth cap lifted, but not the contract. Check the Terms & Conditions on the website. They are not stupid enough to lift their contract, which is where their bait is going to be.
lol

I wanted to say bandwidth but didn't notice.. don't know why my hand typed contract instead.
Didn't notice till someone PMed me.
xbomer
post May 30 2010, 01:47 AM

Anyone care to explain this thing... I'm so noob, btw.
VengenZ
post May 30 2010, 02:59 PM

QUOTE(xbomer @ May 30 2010, 01:47 AM)
Anyone care to explain this thing... I'm so noob, btw.
Simple, TM can spy on your porn. Rizvan can spy on your porn (if you are using Unifi).
almaty
post May 30 2010, 05:57 PM

QUOTE(VengenZ @ May 29 2010, 04:24 PM)
I think they're monitoring the usage for the cap limit?
Firstly, GOOD exposé Rizwan!!

@vengenz, they don't need to touch the DIR-615 to check usage against the cap limit.
E.g. your telco doesn't need to touch your phone to bill your mobile usage ;)


Added on May 30, 2010, 6:02 pm
QUOTE(night_wolf_in @ May 29 2010, 06:07 PM)
Ya, it is management. There are no security issues to worry about. The moment you connect to the internet with your own router/modem with only your account, you are screwed by anyone who wants to screw you.

It is remote management of the ROUTER/MODEM. So if someone who is very smart goes and plays with the settings, then the internet doesn't work; they don't have to send a guy to fix it. And don't tell me there are no people who screw up their own modem and then swear at TMnut.

This great discovery is not worth the rant. If you think you know better than the ISP about network and security, then do what you want to do. Otherwise, I suggest keeping things the way they are.
Wahh!! Started already. Deflect. Trivialise. Ridicule.


Added on May 30, 2010, 6:37 pm
QUOTE(rizvanrp @ May 29 2010, 09:20 PM)
Sorry, I forgot to add this in: Unifi's main VLAN has no caps on it. Every user is capped at the account level only. This means if a 5Mbps user breaks into a 20Mbps user's router and takes his user/pass, he will get 20Mbps at home. Nice job TM :)

Since you're going to be implementing an account cap, I can't imagine what people would do to get past it.
In future... this will be a favourite pastime for some. And the unsuspecting user after 3 days: eh?!@ why so slow?!?
Calls the helpdesk... quota used LOL... sorry, we can't help you. No proof that you did not use it yourself.




This post has been edited by almaty: May 30 2010, 06:37 PM
eddie_lim
post May 30 2010, 07:12 PM

Their so-called CCNPs who did the whole design of the TM network suck; if they were so clever, they wouldn't have designed the whole network layout like this in the first place. Enterprise users won't be using their DIR-615 as the default router anyway, but being double NAT-ed behind the DIR-615 is not doing any good for applications like FTP, short of DMZ-ing it; furthermore, if the DIR-615 gets exploited, it will be a man-in-the-middle which can run something like sslstrip, and your maybank2u and pbebank sessions will be monitored without SSL.

night_wolf_in, I do not mean to hurt your feelings, but put your old-school Cisco rules knowledge away, go learn some Linux and get certified with RHCE instead of CCNP anyway.
TSrizvanrp
post May 30 2010, 08:13 PM

I already updated the first page with a FAQ for all those "CCNPs" who are somehow still unaware of the capabilities of embedded systems in the year 2010.
almaty
post May 30 2010, 08:14 PM

Really, who cares about CCNA/CCNP. Blow a whistle, hundreds/thousands will come.
In contrast, banks/big corps will pay big $$$ to consultants to verify security.

Anyway Rizwan, good on ya. Some people would have kept quiet so that they could exploit it for their personal gain for as long as possible/forever...

I think TM owes you at least 1 year's free subscription ;)

eddie_lim
post May 30 2010, 10:41 PM

Btw, rizvanrp, didn't notice that you have been promoted to Elite member, congrats!
