Thomson vulnerability discovered
Note: I already disclosed what I found, it can be found here: http://www.backtrack-linux.org/forum...l=1#post212902
Ok, what happened is that I discovered a exploit that enables me to get the default wireless password from any router (no matter which protection the router has, no matter which model it is) of a given brand of routers. So now I have a dilemma... Should I try to contact the enterprise that produces such routers, and try to warn them? Should I make my findings available to the whole world to see? Or should I just keep quiet about it? I'm just a student, I have no professional experience in the Security area, so I don't know if the enterprise would take me seriously.
I know that if I disclose what I've discovered, many people will use my findings with malicious intentions. Take for example the stkeys from Kevin Devine. Once it was discovered, and being that the major ISP in my country was distributing Thomson routers along with their services, it was a chaos. Every router they distributed was vulnerable. Thankfully Thomson fixed the problem (although IMHO they were lazy on the fix and the routers are still vulnerable, although it's not as easy as inputting the SSID on a small program and getting the wireless key), but the routers manufactured before the fix just kept like they were, vulnerable. I mean, I know people that haven't paid for their internet for more than a year, they just use their neighbors connection. That's the kind of things I would like to avoid.
On the other hand, if I keep quiet about it, inevitably someone will discover it and disclose it to the general public. Also, being that I intend to follow a career in the Security area, I think that a discovery like this would look good on my curriculum vitae.
What do you think?
Cheers!
