Go Back   hamradioweb.org > Discussioni / Areas of discussion > Foreign Visitors Area


Foreign Visitors Area This area is reserved to all HamRadioWeb forum "foreign" members. All kinds of ham radio related arguments are welcome here ! Please, respect the mandatory language of this subsection: posting is allowed only in english.

Thread Tools Search this Thread
Old 18-08-10, 09:12   #1
IZ0IEN's Avatar
Join Date: Nov 2008
Location: Frosinone JN61sp
Posts: 1,700
ROS mode email DoS remotely exploitable


after reading the "new" ROS-mode software manual, an obvious flaw in the interaction between the radio side of software and the internet side was succesfully exploited and tested by myself. Really easy, no obscure buffer overflow or assembler code.. just a bit of brain.
So i quickly advise the author about this. The first mail is just an info i ask to be sure that the vulnerabilty still exist. Quickly (1 hour) Nieto reply, and indirectly confirm the vulnerability.
The second mail, 17 hour ago, i explain the vulnerability to Nieto.
No reply.
Third mail, 15 hour ago, with also i said that i am following a NDA (Non Disclosure Agreement) protocol, i let him 7 days to wrote me what want to do to correct or mitigate the impact of the whole thing.
No reply.
Ok - i feel a bit ignored. So this is the fourth (and last) mail, this morning:

da Cristiano <iz0ien@
a Jose Alberto Nieto Ros <nietoros@
data 18 agosto 2010 09:51
oggetto Re: ROS mode and email reports
proveniente da xxxxx.com
09:51 Zulu

Ok, i think you just ignored what i wrote.
So is fine from my point of view to ignore the NDA. Maybe an
acknowledgement of the "bug" was fair from you, but still i don't have
any reply from you. A simple "thanks" in those hours would have enough
for me, but you just *ignored* my messages.
If i don't have any reason-valid reply to this email, at 13.00 Zulu
(11.0 UTC) i publish the concept of the exploit finalized to ************************** on my HAM board and on my
underground channels.
You just don't have any kind of respect for those that warn you about
a mistake in your own interest.
Cristiano IZ0IEN
2010/8/17 Cristiano

At 13.00 Zulu, in both English and Italian sections , i will publish the exploit, very simple, but not so light from the point of view of the internet world.

Cristiano IZ0IEN
IZ0IEN non   collegato   Reply With Quote


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

All times are GMT +1. The time now is 17:59.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.