Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - Security, GPL and Corporates

Submitted by Anonymous Coward
An anonymous reader writes "Recently I received an ADSL modem from my landline provider, I have plugged it in and began exploring what it was capable of doing.
I have found out that under it's default configuration it has more security holes than a Swiss cheese, wireless is active, receives configuration updates from a TR-069 server, UPNP is active, it also has some preconfigured bridges to some unknown preconfigured VPI,VCI and an open TCP port (besides the one that is used from UPNP) that peeked my interest.
Some of the holes that were discovered were plugged but I didn't find a way to close the open port.
I also heard some stories that the landline provider has remotely connected to some users and has fixed their modem issues although it is a great thing I prefer to do it myself and consider it a security risk.
Digging around I found out that it contains Linux kernel and what appears to be a crippled BusyBox, so I contacted my landline provider and have asked him to provide the source code for the GPLed software so I could find out the process that keeps the port open and kill it, they refused.
I am a fan of Linux and personally use it, I have notified the author of the busybox of the apparent violation but my main concern is the possible security holes in the device.
Any idea on what can be done in order to secure it?"
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Security, GPL and Corporates

Comments Filter:

To err is human -- to blame it on a computer is even more so.