09-21-2005, 06:00 AM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
A Few Security Concerns That May Impact Pocket PC Users
http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.CornerSep15.05
There are a few security issues that have cropped up lately that I am sure some of our readers are susceptible to. First, those of you with a wireless LAN using the Linksys WRT54G router, there are five issues.
"This week iDEFENSE released five advisories describing flaws in Cisco Systems Inc.'s Linksys WRT54G wireless router. All five vulnerabilities involve the router's Web-based management service. An unauthenticated attacker can exploit these vulnerabilities to prevent you from accessing the router's management service; to configure your router; to modify your router's firmware; or to flat-out gain complete control your router. While these vulnerabilities sound really bad, one catch prevents them from posing a critical threat. An attacker can exploit them only from the router's internal network. Unless you leave your wireless network wide open, these vulnerabilities probably won't bite you. However, if you own this Linksys router, update its firmware as soon as you can."
All five issues are fixed by downloading the newest firmware. Now for software you might have on your Pocket PC. There are three apps, vxTFTPSrv, vxFTPSrv and vxWeb, that have issues you should be aware of. There is no fix so here your best defense is to know the issues and be on the look out for them.
|
| |
|
|
|
09-21-2005, 01:49 PM
|
|
Intellectual
Join Date: Mar 2005
Posts: 147
|
|
Just to note, the latest version of firmware for the WRT56G is 4.20.7 released 8/25/2005.
__________________
Clinton Fitch ~ MVP-Mobile DevicesPrincipalClinton Fitch (Dot) Com!
|
| |
|
|
|
09-21-2005, 05:00 PM
|
|
Pontificator
Join Date: Mar 2007
Posts: 1,466
|
|
Thanks Ed.
While I'm not affected, I'm glad that you've posted re: flaws and vunerabilities.
Just makes me wonder though...
The user related password and encryption vunerabilities i.e...the well known "Linksys SSID" and "Admin" makes the phrase "hacking a WR56G" an oxymoron.
It just amazes me how jargonized these articles are....
:lol:
|
| |
|
|
|
09-21-2005, 06:51 PM
|
|
Sage
Join Date: Jul 2004
Posts: 658
|
|
I'm assuming this is only on the stock firmware?
I'm currently running alchemy 1.0 public final.
|
| |
|
|
|
09-21-2005, 07:02 PM
|
|
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
|
|
Quote:
|
Originally Posted by mscdex
I'm assuming this is only on the stock firmware?
I'm currently running alchemy 1.0 public final.
|
Then you are also assuming that the guys building that are doing their own security tests to ensure you are protected, which means you can't assume you are.
|
| |
|
|
|
09-21-2005, 09:05 PM
|
|
Ponderer
Join Date: Nov 2004
Posts: 73
|
|
Ed,
For convenience we have started posting all of our security advisories, including the three mentioned above, at the following link:
http://www.airscanner.com/security/
There are more interesting ones in the pipeline, but we're holding them to give the vendors the chance to patch them.
--Brad Barnes
|
| |
|
|
|
|
|
|
Linear Mode
