[plug] dodgy PixelNet/NetGateway

Steve Grasso steveg at calm.wa.gov.au
Mon Oct 9 09:30:01 WST 2000


On Sun, 08 Oct 2000, Niall Young wrote:
> On Sat, 7 Oct 2000, Leon Brooks wrote:
> 
> > > It was completely insecure - around 20 (absolutely unnecessary) ports open,
> > > known exploits found for half a dozen of these, seemed to be in an old state
[snip]

Incompetence, laziness, rush-for-profit. Tick any that may apply.

> 
> This is what scares me so much - they've lost control over their own hardware,
> not just to the company supplying this product but to anyone else with half a
> clue - there goes their gateway, there goes their network, there goes their IP.
> 

If I was the unwitting consumer in this scenario, I should be greatly
concerned for the integrity of my network and any proprietary information
which may be in computers on the network.

> > > But it gets worse - the client was never supplied the root password, not
> > > even the reseller was given this, and maintenance seems only possible through
> > > PixelNet on a yearly subscription basis.

There's money to be made in retaining power and control. Personally, I consider
what you've reported to be unethical business behaviour. Has anyone (reseller
or consumer) actually demanded superuser/self-admin information? Or that the
product be fixed/replaced? If not, perhaps they could be encouraged to and see
what the response is.

> Yep, it's not a problem to gain access - the point of my email was just to see
> if others had encountered this or similar products.  (Steve, it was local)

No, I haven't come across anything like this on a commercial level, but as
Leon pointed out, unethical/poor solutions are not platform-dependent, nor do
you necessarily get them for a bargain price!

>  I'd rather give my client all of the facts and let them make the decision
[snip]

Absolutely

> about whether we should crack into it and take control of what they've paid
> for, or make the supplier/author clean up their own mess, or replace it
> completely.  It just scares me that insecure products are being deployed en
> masse, and consumer's rights are being violated.

It irks more than scares me. I wonder if the product is fit for the purpose
it's being advertised and sold for? (a la Trade Practices)

> Niall Young		

Steve


