Student Finds Security Flaw, Gets Booted from ISP
No good deed goes unpunished, it would seem: one would think that BeThere (the ISP in question) would be thrilled to have one of their subscribers so on top of this, particularly since they missed the flaw.
A 21-year-old college student in London had his internet service terminated and was threatened with legal action after publishing details of a critical vulnerability that can compromise the security of the ISP's subscribers. BeThere took the retaliatory action four weeks after subscriber Sid Karunaratne demonstrated how the ISP's broadband routers can be remotely accessed by anyone curious enough to look for several poorly concealed backdoors. The hack makes it trivial to telnet into a modem and sniff users' VPN credentials, modify DNS settings and carry out other nefarious acts.
Alas, Karunaratne's February 22 posting originally included the specific password needed to carry out the attack - a tack from the "full disclosure" school of vulnerability reporting that is considered a no-no in many security circles. Less than 48 hours later, he removed the password information, but that didn't stop the ISP from exacting its retribution.


