nanog mailing list archives
ABOVE.NET SECURITY TRUTHS?
From: Exiled Dave <exiled_dave () yahoo com>
Date: Fri, 28 Apr 2000 11:55:28 -0700 (PDT)
I guess by now everyone knows what happened. Paul, can you share some info with the rest of us about what the vulnerability was so we can "plug the hole"?

"Plug the hole" was a figure of speech. You pretty much all know that if MFN/Abovenet suspected a way in which other providers were vulnerable, we'd have shared that information with you (privately) by now.
-- Paul Vixie <vixie () mibh net> SVP for Internet Services, MFNX

HAHAHA the reason no other provider is vulnerable is because no other provider with half a clue has the same simple login and enable "p4ssw0rds" on all their switches, and internal machines in their sjc facilities on hubs. What does one expect will happen when their switch passwords become public knowledge? The funny thing is the passwords were originally sniffed by MafiaBoy.

There's no need to "privately" share a fix/hole in this case. The ENTIRE problem here, is above's total inability to secure their own switches. And it SHOULD be public. People who control literally MILLIONS OF DOLLARS of other people's data per second NEED to learn, that CORE NETWORKS NEED TO BE PROTECTED. (i.e. CHANGING PASSWORDS, NOT PERMITTING "COMMON PASSWORDS")

I hope we ALL learn a lesson from this.