Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
From: Kee Hinckley (nazgul_at_somewhere.com)
Date: 05/28/03
- Previous message: SPI Labs: "Multiple Vulnerabilities in Sun-One Application Server"
- In reply to: CORE Security Technologies Advisories: "CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 May 2003 20:34:27 -0400 To: CORE Security Technologies Advisories <advisories@coresecurity.com>
While you are fixing the vulnerability in your Axis video camera.
Please also stop to check and make sure that you have turned off (or
properly configured) it's ability to send snapshots via email. If
you turn on the function without configuring the addresses, older
cameras will default to sending email to mail@somewhere.com "from"
olga@somewhere.com. We get on the order of ten to fifteen thousand
of these every day. On occasions when we've bothered to look, we've
seen things ranging from computer rooms to jewelry store security
cameras. Probably not the kind of thing you'd want to be sending to
strangers.
-- Kee Hinckley http://www.messagefire.com/ Anti-Spam Service for your POP Account http://commons.somewhere.com/buzz/ Writings on Technology and Society I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.
- Previous message: SPI Labs: "Multiple Vulnerabilities in Sun-One Application Server"
- In reply to: CORE Security Technologies Advisories: "CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
