Re: hacking the mitsubishi GB-50A

Board: Bugtraq. Posted 2008/03/25 23:31. Message 2 of 4 in thread.
Desai, Ashish wrote:
> If you read your own post you would realize that Mitsubishi
> kept the device ipaddress prefix as 192.168.1 so only you can attack
> yourself.

Well, as James pointed out already, this reply is a little silly.

But, just to be clear, if Mitsubishi had explicitly documented that this device should only be used on a private network and had no access controls, I don't think I'd have a problem.

However, they show a username/password box (which I'm betting is fairly easily circumvented if you know the right urls and can forge a cookie on the client...) so I think it's fair game to expect them to implement some kind of real security.

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk
Article code (AID): #17wHhc00 (Bugtraq)