Bsnl Dataone Easily Hackable

[max]

it wouldn't have hurt to listen to what that guy was saying. he did not post links or any kind of details about how the "crack" could be misused. he just wanted to warn BSNL users.anyway...admins words the last.

 

[Sushubh]

i just dont like script kiddies wannabe. a serious dude would have a different way of posting about a possible security vulnerability.

 

[pita]

hahaha... It reminded me of a time when GOI asked all ISP to host the details of their suscribers accounts, address on their site, so that GOI sleuths could access the information online. But then ISPs were lazy they just uploaded the spreadsheets to their websites with minimal security, and then any [email protected] could go in their do a little search find out those *obscure* links and see the details of X, Y or Z or anyone and call the ISP Call center and have X's, Y's or Z's password reset. Then he told me that "I could hack anyone online in India rightnow" and I could just laugh, it was so cool B-)I have no idea how Dataone works but my guess wud be it uses adsl router.Well if thats the case then, I think everyone should change those router/cable-modem admin passwords? And if u ask me why?*Usually* anyone who hits port 80 on that router can see the router configuration webpage, login as admin/admin or admin/admin123 or admin/cr4zy_p4ssw0rd or noadmin/deadadminpass or ... blah and see in account setup the account details i.e. the username ([email protected]) and password ( ******* ) and if u see that ***** password just rt click on ur favourite browser and view source, there u have it both the username and the password.... Hurrray!!! now u learnt how to hack the living daylights of Csnl DataTwo Broadband!!! w00t!.Well knowing someones router/account user/pass is ok, but no one can hack me I am behind a route and I am on NAT/firewall yo!! Most router's these days have DMZ support in them, if a hacker 'ahem.. I mean a cracker logs into ur router & add ur pc to the DMZ zone then ur NAT wouldnt protect u anymore. All ur ports are open 'doing eagle spread' to the whole world...But I see so many people ignorant about security, security through obscurity is bad, And security comes in when u change your default settings and public disclosure is cool (if done in a right way). Thats why we have Full-Disclosure, Bugtraq because, disclosure leads to awareness and education, and education should be free for all not just for those 1337 h4X0rs...

 

[Sushubh]

the pain is back!

 

[pita]

still have the Adm¡nistrator account neowin.net but the forums dont work for me anymore - so i offer pain here

 

[nightwolf2k5]

well.. what if he's using bridged mode?

 

---

[priyoban]

Then you need to be a hacker and not a cracker.

 

[blr_p]

QUOTE(pita @ Feb 28 2007, 04:22 AM) [snapback]81533[/snapback]
But I see so many people ignorant about security, security through obscurity is bad, And security comes in when u change your default settings
and public disclosure is cool (if done in a right way). Thats why we have Full-Disclosure, Bugtraq because, disclosure leads to awareness and education, and education should be free for all not just for those 1337 h4X0rs...[/b]
All these sentiments are not new, what happens many times is the person revealing this information is treated badly. Witness several accounts of ppl in the US getting into hot water for the same. You might want to check out some of the "Off the hook" archives amongst several others.

Do you feel lucky ?

..that in India where this has not been tested just yet, that the proper authorities would behave any differently.

Why would they, since they are made to look like asses to more than just their higher-ups.