I dont no y u r so stressed out. my home network has never been secure and i have never!!! had a problem. Louise.
On 01/10/2010 22:31, Sabahattin Gucukoglu wrote: > BrailleNote Apex offers telnet and FTP access on the standard ports, with > read/write privilege on the entire file system, to all comers. No > authentication is required. BrailleNote is unsafe on any network whose > devices you are not in full charge of, and which (by NAT or firewall) does > not protect BrailleNote from the Internet. > > I am happy and sad. In a chance port scan of my entire network looking for > interesting services and protocols that were not accounted for by visible > configuration options in all my devices, I found this disaster staring me in > the face on the least likely candidate of them all. On the one hand, now I > don't need ActiveStink in order to access my files, over the network, from my > Mac. I want these services running, for sure (maybe just FTP) but dammit, > authentication first! On the other hand, there is no doubt my trust in > HumanWare is badly dented, as I was clearly optimistic that they would, and > did, do the right thing and secure the device firmware before shipping it. > Anonymous FTP and telnet are obvious, easily found and effectively exploited. > If it isn't configurable, it shouldn't be enabled. I am quite sure this was > the case before now. The most likely explanation is a build with a test > configuration and services for development still in use on the newest model; t he USB vendor string is further evidence of this. Note to self: that popular expression about assumptions turns out to be true. > > KeySoft version 9.0.2 build 756, Windows CE 6.0, with telnet and FTP services. > > While we await an update that either disables the services or allows the user > to specify the authentication credentials, do not use your BrailleNote Apex > on any untrusted network, or if you are network administrator, temporarily > prohibit these devices from connecting to your networks. If "Bad guys" are > on your network, the BrailleNote Apex is, alas, easy meat. > > Cheers, > Sabahattin > > ___ > Replies to this message will go directly to the sender. > If your reply would be useful to the list, please send a > copy to the list as well. > > To leave the BrailleNote list, send a blank message to > [email protected] > To view the list archives or change your preferences, visit > http://list.humanware.com/mailman/listinfo/braillenote > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
