If you’re not buried in the Lucene/Solr 6.0 release, you may be interested in weekend hacking practice.
Swati Khandelwal reports on an easy hack of cable modems in “No Password Required! 135 Million Modems Open to Remote Factory Reset.”
From the post:
More than 135 Million modems around the world are vulnerable to a flaw that can be exploited remotely to knock them offline by cutting off the Internet access.
The simple and easily exploitable vulnerability has been uncovered in one of the most popular and widely-used cable modems, the Arris SURFboard SB6141, used in Millions of US households.
Security researcher David Longenecker discovered a loophole that made these modems vulnerable to unauthenticated reboot attacks. He also released his “exploit” after Arris (formerly Motorola) stopped responding to him despite a responsible disclosure.
The Bug is quite silly: No Username and Password Protection.
See Swati’s post for the details on the hack.
Before you go looking for wifi hotspots and vulnerable modems, remember that hacking law enforcement, other government agencies, or indeed any modem/network may be criminal activity.
As I have pointed out before, legal liability for vendors is the answer to this type of defect. It has worked in other areas of products liability and there is no reason why it could not work for computer software/hardware.
Good hunting!