Bugtraq mailing list archives

RE: LinkSys WRT54G administration page availble to WAN


From: "Alan W. Rateliff, II" <lists () rateliff net>
Date: Mon, 31 May 2004 18:58:54 -0400

-----Original Message-----
From: Matthew Caron [mailto:matt () mattcaron net] 
Sent: Monday, May 31, 2004 5:19 PM
To: Alan W. Rateliff, II
Cc: bugtraq () securityfocus com
Subject: Re: LinkSys WRT54G administration page availble to WAN

Isn't that the Linksys product that runs Linux and all these folks have
been making custom firmware for? If so, can't one of those folks fix
this bug if Linksys is taking too long?

Perhaps, but the points still remain that LinkSys is distributing a
vulnerable product through all channels, retail stores are blowing this item
out with rebates, and Joe Average User isn't going to upgrade to a custom
Linux-based firmware because chances are he or she is not aware of it.

Also, I have received a shit-storm of auto-replies from my original post.
Hey, people, DON'T SUBSCRIBE TO A LIST USING AN ADDRESS WITH
AUTO-RESPONDERS!!

After wading through 30-or-so of these auto-responses, I found three valid
emails.  The general answer is that I had an open dialogue with LinkSys
support (case #AEV-14523-534, which refers to #KNU-66355-624), the problem
was originally noted to them on 04/28/04, and because of my open dialogue
with LinkSys support I did not send an email to any other address or
department at LinkSys.

In regards to the last part, I do now feel somewhat remiss for not having
done so, however at the same time a proven security issue should be properly
communicated from support to the appropriate department.  That seems to not
be the case, and assumption is the evil of all root.

-- 
       Alan W. Rateliff, II        :       RATELIFF.NET
 Independent Technology Consultant :    alan2 () rateliff net
      (Office) 850/350-0260        :  (Mobile) 850/559-0100
-------------------------------------------------------------
[System Administration][IT Consulting][Computer Sales/Repair]

  

