RE: LinkSys WRT54G administration page availble to WAN
From: Alan W. Rateliff, II (lists_at_rateliff.net)
To: <email@example.com> Date: Mon, 31 May 2004 18:58:54 -0400
> -----Original Message-----
> From: Matthew Caron [mailto:firstname.lastname@example.org]
> Sent: Monday, May 31, 2004 5:19 PM
> To: Alan W. Rateliff, II
> Cc: email@example.com
> Subject: Re: LinkSys WRT54G administration page availble to WAN
> Isn't that the Linksys product that runs Linux and all these
> folks have
> been making custom firmware for? If so, can't one of those folks fix
> this bug if Linksys it taking too long?
Perhaps, but the points still remain that LinkSys is distributing a
vulnerable product through all channels, retail stores are blowing this item
out with rebates, and Joe Average User isn't going to upgrade to a custom
Linux-based firmware because chances are he or she is not aware of it.
Also, I have received a shit-storm of auto-replies from my original post.
Hey, people, DON'T SUBSCRIBE TO A LIST USING AN ADDRESS WITH
After wading through 30-or-so of these auto-responses, I found three valid
emails. The general answer is that I had an open dialogue with LinkSys
support (case #AEV-14523-534, which refers to #KNU-66355-624,) the problem
was originally noted to them on 04/28/04, and because of my open dialogue
with LinkSys support I did not send an email to any other address or
department at LinkSys.
In regards to the last part, I do now feel somewhat remiss for not having
done so, however at the same time a proven security issue should be properly
communicated from support to the appropriate department. That seems to not
be the case, and assumption is the evil of all root.
-- Alan W. Rateliff, II : RATELIFF.NET Independent Technology Consultant : firstname.lastname@example.org (Office) 850/350-0260 : (Mobile) 850/559-0100 ------------------------------------------------------------- [System Administration][IT Consulting][Computer Sales/Repair]