Search found 25 matches

Goto page 1, 2  Next
Goto page 1, 2  Next
Author Message
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Wed Feb 10, 2010 7:16   Subject: DD-WRT Root exploit posted today
to be clear ... when i talk about Redmond education, this is not about the product, but the policy of "assistance" (i'm not sure about the correct english tranlation). I mean User is treat a ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Tue Feb 09, 2010 15:53   Subject: DD-WRT Root exploit posted today

this typical from Redmond education "Openned mouth waiting for food to come in without doing anything


Hm... I may have something to say about that "Redmond education"; I'm not a &quo ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Tue Feb 09, 2010 15:49   Subject: DD-WRT Root exploit posted today

Anyway, mailing list could be a good idea, if you read it.

A better idea may be having some kind of built-in
mechanism into DD-WRT to check from time to time for
updates; fetch some kind of "up ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Tue Feb 09, 2010 8:02   Subject: DD-WRT Root exploit posted today

Anyway, mailing list could be a good idea, if you read it.

A better idea may be having some kind of built-in
mechanism into DD-WRT to check from time to time for
updates; fetch some kind of "up ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Tue Jul 28, 2009 8:17   Subject: DD-WRT Root exploit posted today

I think a better way might be to have a session token passed by a cookie that must be included as part of the URL for any subsequent communication

http://SERVER_IP/normalstuff&SESSION=66a934bbf ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Mon Jul 27, 2009 14:21   Subject: Re: Firmware: DD-WRT v24 RC-7 (03/26/08) vpn
Sorry guys, no time right now to comb through all the 12 pages of this discussion (maybe somebody already has reported about this).

I just read about this issue and wanted to inform, that the bug is ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Mon Jul 27, 2009 8:22   Subject: DD-WRT Root exploit posted today

Yeah I think such a GUI option would be good. I can't see how quitting and restarting the httpd daemon could be permanent on reboot.

Right now a more realistic option is probably just to change you ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Mon Jul 27, 2009 7:11   Subject: DD-WRT Root exploit posted today


ports, you've got to do it as described killall httpd
cd /www
httpd -p 81 -h /www
cd /jffs
httpd -h /jffs

Will that work across boots?


you won't need the second part (that is the "jffs&quo ...
  Topic: DD-WRT Vulnerability - FYI
OB1

Replies: 6
Views: 9445

PostForum: General Questions   Posted: Fri Jul 24, 2009 12:13   Subject: DD-WRT Vulnerability - FYI
just read the news

dd-wrt.com

sounds like you didn't follow the "vuln" thread on THIS forum, did you <eg> ?
  Topic: DD-WRT Vulnerability - FYI
OB1

Replies: 6
Views: 9445

PostForum: General Questions   Posted: Fri Jul 24, 2009 9:57   Subject: DD-WRT Vulnerability - FYI
Thanks for the headsup drjay.

While we wait for a firmware update to address this vulnerability, does anyone know how to protect against a "Cross Site Reference Forgery Exploit"? Disable ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Fri Jul 24, 2009 9:08   Subject: DD-WRT Root exploit posted today

If I remember right, last years' exploit was something like this... if you'd previously authorized to the control panel with the browser and then visited an evil site without first logging out, your ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Thu Jul 23, 2009 21:21   Subject: DD-WRT Root exploit posted today
Hello,

all. What about spawning a shell at port tcp/11111 by using

ROFL...that's something I tried to enforce, but apparently ... I did hit deaf ears :P

anyways... that isn't "sorry for the m ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Thu Jul 23, 2009 21:16   Subject: DD-WRT Root exploit posted today
No. Because the same thing happens to many people's computers in a day. Eventually, they figure out they have a virus and the get someone to fix the problem. Those who actually *keep* up with their ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Thu Jul 23, 2009 16:12   Subject: Re: Use a non-standard IP range
Yeah this was already discussed way back in the thread by myself and others. Band-aid fix is right. Not a good feeling knowing your ddwrt devices are a URL away from crash/hack no matter where you h ...
  Topic: DD-WRT Root exploit posted today
OB1

Replies: 221
Views: 307560

PostForum: Broadcom SoC based Hardware   Posted: Thu Jul 23, 2009 15:45   Subject: Re: Use a non-standard IP range
One idea that would mitigate automated CSRF attacks like this is for everyone to use a unique IP address range - there is the whole of 10.x.x.x to use, and 172.16.something, and of course 192.168.N.x ...
All times are GMT
Navigation
Jump to: