RE: The Linksys WRT54G "security problem" doesn't exist

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: The Linksys WRT54G "security problem" doesn't exist
From: "David Gillett" <gillettdavid@xxxxxxxx>
Date: Mon, 7 Jun 2004 09:09:42 -0700
Importance: Normal
In-reply-to: <200406051705.i55H595H002779@xxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <gillettdavid@xxxxxxxx>

> > 5) Does he really think that Cisco/Linksys would not test 
> > such a basic basic basic aspect of this router's security?
> 
> Yes.  How many times have "basic basic basic" aspects of security gone
> untested, or flaws gone unnoticed?  How long was port 1900 open on my 
> SMC Barricade?  How many "basic basic basic" aspects of security 
> has Microsoft, various Linux distros, Sun, and even MacOS X violated?

  Cisco's purchase of LinkSys is still relatively recent.  I've found,
in the past, fundamental code flaws in products being marketed by Cisco 
up to a year after their acquisition of the originating company....\
  Just because they've put their name on the outside of the box doesn't 
mean they've fully QA'd the innards.

David Gillett

References:
- RE: The Linksys WRT54G "security problem" doesn't exist
  - From: Alan W. Rateliff, II

Prev by Date: RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
Next by Date: n0t
Previous by thread: RE: The Linksys WRT54G "security problem" doesn't exist
Next by thread: Re: The Linksys WRT54G "security problem" doesn't exist
Index(es):
- Date
- Thread