Results 1 to 10 of 35

Thread: What can someone do after discovering a "exploit"?

Threaded View

  1. #1
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Thomson vulnerability discovered

    Note: I already disclosed what I found, it can be found here: http://www.backtrack-linux.org/forum...l=1#post212902

    Ok, what happened is that I discovered a exploit that enables me to get the default wireless password from any router (no matter which protection the router has, no matter which model it is) of a given brand of routers. So now I have a dilemma... Should I try to contact the enterprise that produces such routers, and try to warn them? Should I make my findings available to the whole world to see? Or should I just keep quiet about it? I'm just a student, I have no professional experience in the Security area, so I don't know if the enterprise would take me seriously.

    I know that if I disclose what I've discovered, many people will use my findings with malicious intentions. Take for example the stkeys from Kevin Devine. Once it was discovered, and being that the major ISP in my country was distributing Thomson routers along with their services, it was a chaos. Every router they distributed was vulnerable. Thankfully Thomson fixed the problem (although IMHO they were lazy on the fix and the routers are still vulnerable, although it's not as easy as inputting the SSID on a small program and getting the wireless key), but the routers manufactured before the fix just kept like they were, vulnerable. I mean, I know people that haven't paid for their internet for more than a year, they just use their neighbors connection. That's the kind of things I would like to avoid.

    On the other hand, if I keep quiet about it, inevitably someone will discover it and disclose it to the general public. Also, being that I intend to follow a career in the Security area, I think that a discovery like this would look good on my curriculum vitae.

    What do you think?
    Cheers!
    Last edited by Snayler; 01-29-2012 at 10:44 AM.

Similar Threads

  1. Replies: 5
    Last Post: 03-26-2012, 11:42 AM
  2. Replies: 4
    Last Post: 02-24-2011, 04:52 PM
  3. Win2003 / R2 und exploit "ms08_067" Problem
    By Drake379 in forum Anfänger Ecke
    Replies: 3
    Last Post: 05-10-2010, 05:54 AM
  4. Video Demo "Vom POC zum Exploit SEH" by ozzy
    By ozzy66 in forum Tutorials und Howtos
    Replies: 5
    Last Post: 01-20-2010, 10:41 AM
  5. msfcli cannot load "listening" exploit?
    By bruk0ut in forum OLD BT4beta Bugs and Fixes
    Replies: 8
    Last Post: 03-10-2009, 07:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •