North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
ABOVE.NET SECURITY TRUTHS?
- From: Exiled Dave
- Date: Fri Apr 28 15:03:11 2000
> > I guess by now everyone knows what happened.
Paul, can you share some info
> > with the rest of us about what the vulnerability
was so we can "plug the
> > hole"?
> "Plug the hole" was a figure of speech. You pretty
much all know that if
> MFN/Abovenet suspected a way in which other
providers were vulnerable, we'd
> have shared that information with you (privately) by
> Paul Vixie <email@example.com>
> SVP for Internet Services, MFNX
HAHAHA the reason no other provider is vulnerable is
because no other
provider with half a clue has the same simple login
and enable "p4ssw0rds"
on all their switches, and internal machines in their
sjc facilities on
hubs. What does one expect will happen when their
switch passwords become
public knowledge? The funny thing is the passwords
were originally sniffed
There's no need to "privately" share a fix/hole in
The ENTIRE problem here, is above's total inability to
secure their own switches.
And it SHOULD be public. People who control literally
MILLIONS OF DOLLARS of other people's data per second
NEED to learn, that CORE NETWORKS NEED TO BE
PROTECTED. (i.e. CHANGING PASSWORDS, NOT PERMITTING
I hope we ALL learn a lesson from this.
Do You Yahoo!?
Talk to your friends online and get email alerts with Yahoo! Messenger.