hamradioweb.org

 


Foreign Visitors Area This area is reserved to all HamRadioWeb forum "foreign" members. All kinds of ham radio related arguments are welcome here ! Please, respect the mandatory language of this subsection: posting is allowed only in english.

Old 18-08-10, 09:12   #1
IZ0IEN
Moderator
 
 
Join Date: Nov 2008
Location: Frosinone JN61sp
Posts: 1,695
ROS mode email DoS remotely exploitable

Hello,

after reading the "new" ROS-mode software manual, an obvious flaw in the interaction between the radio side of the software and the internet side was successfully exploited and tested by myself. Really easy, no obscure buffer overflow or assembler code... just a bit of brain.
So I quickly advised the author about this. The first mail was just an info I asked for, to be sure that the vulnerability still exists. Quickly (1 hour) Nieto replied, and indirectly confirmed the vulnerability.
In the second mail, 17 hours ago, I explained the vulnerability to Nieto.
No reply.
In the third mail, 15 hours ago, I also said that I am following an NDA (Non Disclosure Agreement) protocol, and I gave him 7 days to write me what he wants to do to correct or mitigate the impact of the whole thing.
No reply.
Ok - I feel a bit ignored. So this is the fourth (and last) mail, this morning:

From: Cristiano <iz0ien@
To: Jose Alberto Nieto Ros <nietoros@
Date: 18 August 2010 09:51
Subject: Re: ROS mode and email reports
Mailed by: xxxxx.com
09:51 Zulu

Ok, I think you just ignored what I wrote.
So it is fine from my point of view to ignore the NDA. Maybe an
acknowledgement of the "bug" would have been fair from you, but I still
don't have any reply from you. A simple "thanks" in those hours would
have been enough for me, but you just *ignored* my messages.
If I don't have any reason-valid reply to this email, at 13.00 Zulu
(11.0 UTC) I will publish the concept of the exploit finalized to ************************** on my HAM board and on my
underground channels.
You just don't have any kind of respect for those that warn you about
a mistake in your own interest.
Cristiano IZ0IEN
2010/8/17 Cristiano

At 13.00 Zulu, in both the English and Italian sections, I will publish the exploit, very simple, but not so light from the point of view of the internet world.

Regards,
Cristiano IZ0IEN
All times are GMT +1. The time now is 07:54.

