ROS mode email DoS remotely exploitable

  • ROS mode email DoS remotely exploitable

    Hello,

    after reading the "new" ROS-mode software manual, an obvious flaw in the interaction between the radio side of the software and the internet side was successfully exploited and tested by myself. Really easy, no obscure buffer overflow or assembler code.. just a bit of brain.
    So I quickly advised the author about this. The first mail was just an info request I sent to be sure that the vulnerability still exists. Quickly (1 hour) Nieto replied, and indirectly confirmed the vulnerability.
    In the second mail, 17 hours ago, I explained the vulnerability to Nieto.
    No reply.
    Third mail, 15 hours ago, in which I also said that I am following an NDA (Non Disclosure Agreement) protocol; I gave him 7 days to write me what he wants to do to correct or mitigate the impact of the whole thing.
    No reply.
    Ok - I feel a bit ignored. So this is the fourth (and last) mail, this morning:

    from Cristiano <iz0ien@
    to Jose Alberto Nieto Ros <nietoros@
    date 18 August 2010 09:51
    subject Re: ROS mode and email reports
    sent from xxxxx.com
    09:51 Zulu

    Ok, I think you just ignored what I wrote.
    So it is fine from my point of view to ignore the NDA. Maybe an
    acknowledgement of the "bug" would have been fair from you, but still I don't have
    any reply from you. A simple "thanks" in those hours would have been enough
    for me, but you just *ignored* my messages.
    If I don't have any reply with a valid reason to this email, at 13.00 Zulu
    (11.0 UTC) I will publish the concept of the exploit finalized to ************************** on my HAM board and on my
    underground channels.
    You just don't have any kind of respect for those who warn you about
    a mistake, in your own interest.
    Cristiano IZ0IEN
    2010/8/17 Cristiano

    At 13.00 Zulu, in both the English and Italian sections, I will publish the exploit: very simple, but not so light from the point of view of the internet world.

    Regards,
    Cristiano IZ0IEN
    Cris IZ0IEN
    http://www.technecom.it
    Founder of FOC - Frigo Operators Club
    Member of SOC #990 - Second Operator Class
    Proud devotee of error-correcting CW.