Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

+ - Security, GPL and Corporates

Submitted by Anonymous Coward
An anonymous reader writes "Recently I received an ADSL modem from my landline provider, I have plugged it in and began exploring what it was capable of doing.
I have found out that under it's default configuration it has more security holes than a Swiss cheese, wireless is active, receives configuration updates from a TR-069 server, UPNP is active, it also has some preconfigured bridges to some unknown preconfigured VPI,VCI and an open TCP port (besides the one that is used from UPNP) that peeked my interest.
Some of the holes that were discovered were plugged but I didn't find a way to close the open port.
I also heard some stories that the landline provider has remotely connected to some users and has fixed their modem issues although it is a great thing I prefer to do it myself and consider it a security risk.
Digging around I found out that it contains Linux kernel and what appears to be a crippled BusyBox, so I contacted my landline provider and have asked him to provide the source code for the GPLed software so I could find out the process that keeps the port open and kill it, they refused.
I am a fan of Linux and personally use it, I have notified the author of the busybox of the apparent violation but my main concern is the possible security holes in the device.
Any idea on what can be done in order to secure it?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Security, GPL and Corporates

Comments Filter:

System going down at 5 this afternoon to install scheduler bug.