<<< Date Index >>>     <<< Thread Index >>>

Re: hacking the mitsubishi GB-50A



Desai, Ashish wrote:
If you read your own post you would realize that Mitsubishi kept the device ipaddress prefix as 192.168.1 so only you can attack
yourself.
Well, as James pointed out already, this reply is a little silly.

But, just to be clear, if Mitsubishi had explicitly documented that this device should only be used on a private network and had no access controls, I don't think I'd have a problem.
However, they show a username/password box (which I'm betting is fairly 
easilly circumvented if you know the right urls and can forge a cookie 
on the client...) so I think it's fair game to expect them to implement 
some kind of real security.
cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk