Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

March 30, 2015

Hotel Wi-Fi Insecurity – Big Time

Filed under: Cybersecurity,Security — Patrick Durusau @ 8:28 am

Hotel Wi-Fi router security hole: will this be the Ultimate Pwnie Award Winning Bug for 2015? by Paul Ducklin.

Paul has a highly amusing account of the Pwnie awards and his choice for 2015: CVE-2015-0932, Vulnerability Note VU#930956.

The security hole at issue:

Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem.

Simply put, some versions of a popular hotel internet access server – those portals you interact with to get Wi-Fi access while you’re at a conference centre or staying in a hotel – can be completely drained of data, and then reprogrammed arbitrarily, via the outside (internet-facing) interface.

Without any authentication.

See Paul’s post for all the details, including a very lucid discussion of rsync that is guaranteed to hold you attention.

Paul also has suggestions for avoiding unpatched ANTlabs InnGate hotel internet access servers.

You can even help your local hotel community by finding unpatched servers. Say near law enforcement conferences. The Department of Homeland Security has helpfully made a list of law enforcement meetings for 2015. (I have a copy just in case it disappears.)

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress