Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside
May 29 2010, 03:39 PM
#1
Senior Member
974 posts Joined: Jan 2009
I think this should be reported to MCMC and MYCERT.
May 29 2010, 03:59 PM
#2
QUOTE(ciohbu @ May 29 2010, 03:39 PM)

Didn't say they will take action. But there must be a documented report made in case for future reference.

And MYCERT is supposed to:

QUOTE
Mission
To address the computer security concerns of Malaysian Internet users.
May 31 2010, 12:37 PM
#3
QUOTE(rizvanrp @ May 30 2010, 08:13 PM)

I already updated the first page with a FAQ for all those "CCNP"s who are somehow still unaware of the capabilities of embedded systems in the year 2010.

What happens if you reset the router back to factory defaults? Will this "hidden" account remain? Will it reset the password for the account? Will the account still have remote management enabled after a reset?
May 31 2010, 01:56 PM
#4
QUOTE(rizvanrp @ May 31 2010, 12:43 PM)

Resetting doesn't work, this exploit relies on the fact that this account uses the default user/pass combo. Resetting it just resets it back to the same user/pass, remote management will be disabled however. But there's really no point anyway, the SSH daemon is still accessible via LAN.. can't stop it at all from the GUI even with this second account.

At least if you reset the router, the remote management becomes disabled without you having to access the account to do it manually. Easier for basic users to do. Then the account becomes inaccessible from the outside world, right? Isn't the SSH daemon also disabled by default? So without remote access to the account, you cannot enable ssh? Correct me if I am wrong please.

When you say "accessible via LAN", are you referring to your own internal network, ie other users at home / office? Or are you referring to other Unifi users within the Unifi network?

If I understand correctly, TM should disable remote management by default. They just have to reset the router upon installation. If TM requires remote management to do troubleshooting or maintenance, when a user calls the helpline, they can be instructed on how to enable the remote management, do the necessary maintenance and then reset / disable it again.
May 31 2010, 02:29 PM
#5
QUOTE(skincladalien @ May 31 2010, 01:20 PM)

I just had lunch with someone. Can't reveal much but look up for the Space Shuttle Challenger case study, and related it to a big Government linked company like TM...

You may not want to give hints on the details, but at least hint more on the general topic you are referring to...

That's the max hint I can give.

Guesses..

1. Is TM going to contact these forum admins and request that this and other similar topics about TM be removed or banned? Or the media has been informed not to take up this matter?
2. TM is fully aware of this but they are waiting for something to happen first, then take action or come up with excuses later? I would think security professionals would rather be pro-active about security rather than re-active.
3. rizvanrp is going to be blown up via remote management?...??
Jun 2 2010, 09:50 PM
#6
IMO, TM has shown:

QUOTE(soundsyst64 @ Jun 2 2010, 07:53 PM)

TM would like to assure all concerned parties that the only reason the UniFi router setting for remote access is enabled is for remote access troubleshooting purposes for the express use of our technical support personnel. In the event there is a technical support issue with any of our UniFi subscribers; at the first level of troubleshooting, TM’s network operation centre (NOC) can immediately remotely diagnose the problem before sending a support team on-site.

1. Failure to make users fully aware of such remote access in the first place.
2. Failure to realise that they cannot guarantee that the remote access would only be used by their support personnel and not a third party, especially with a weak password being used.
3. Failure to take into consideration the security aspects of the users, rather than focusing on easier support

QUOTE(soundsyst64 @ Jun 2 2010, 07:53 PM)

TM takes note of the security concerns that have been raised, and we have taken these issues to heart.

4. Failure to "get away" by trying to use "security by obscurity" method.

QUOTE(soundsyst64 @ Jun 2 2010, 07:53 PM)

TM also acknowledges that there is a need to balance the public’s level of comfort with regards to security and privacy and TM’s own commitment to faster support turnaround time. As such, TM would like to maintain the higher level of service enabled by remote access management on customer routers, and in recognition of that TM will immediately change every UniFi customers’ router management password into a high security, unique one (which will be only known to the customer and TM). TM will notify all our Unifi customers of this change accordingly.

5. Failure to be pro-active, rather than re-active. The proposed unique password method could have been done right from the start.
6. Failure to follow some basic rules of creating passwords:
   - do not use simple passwords
   - do not use dictionary words or simple words as passwords
   - do not use the same password on multiple accounts / services
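
The three password rules from the post above, applied to a fleet of routers and followed by per-device rotation. This is an added example, not part of the original thread and not TM's code; the inventory format, device ids, word list and sample passwords are all constructed for illustration.

```python
import secrets
import string
from collections import Counter

# Constructed word list; a real audit would load a full dictionary.
WEAK_WORDS = {"admin", "password", "operator", "support", "router"}
GROUPS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
ALPHABET = string.ascii_letters + string.digits + "!#%+-_"

def password_issues(pw, reuse_count):
    """Check one password against the three rules listed in the post."""
    issues = []
    classes = sum(any(c in group for c in pw) for group in GROUPS)
    if len(pw) < 12 or classes < 3:
        issues.append("simple")
    if any(word in pw.lower() for word in WEAK_WORDS):
        issues.append("dictionary-word")
    if reuse_count > 1:
        issues.append("shared-across-devices")
    return issues

def audit_fleet(devices):
    """Map device id -> findings; remote management widens the exposure."""
    reuse = Counter(d["password"] for d in devices)
    report = {}
    for d in devices:
        issues = password_issues(d["password"], reuse[d["password"]])
        if issues and d["remote_mgmt"]:
            issues.append("reachable-from-wan")
        if issues:
            report[d["id"]] = issues
    return report

def new_password(length=20):
    """Draw from the OS CSPRNG until the candidate passes the rules above."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not password_issues(pw, 1):
            return pw

def rotate(devices):
    return [dict(d, password=new_password()) for d in devices]

# Constructed inventory: two routers share one default, one is already unique.
FLEET = [
    {"id": "cpe-001", "remote_mgmt": True, "password": "operator123"},
    {"id": "cpe-002", "remote_mgmt": False, "password": "operator123"},
    {"id": "cpe-003", "remote_mgmt": True, "password": "q7!Vm2#xLp9_Rt4+"},
]
```

Calling `audit_fleet(FLEET)` flags the two routers that share a password, and `audit_fleet(rotate(FLEET))` returns an empty report.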