On Sun, Jul 18, 2010 at 9:23 PM, Kevin Tollison <ktolli...@gmail.com> wrote:
> pfsense 1.2.3rc3 is on the list of successful attacks. Does anyone know if
> this is still possible in 1.2.3 Final or 2.0b3.
>
> http://arstechnica.com/security/news/2010/07/millions-of-soho-routers-vulnerable-to-new-version-of-old-attack.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

This isn't a vulnerability in the software. There are things we can do to help protect against it even if you're grossly negligent (using the default or an easily guessed password), which have been added to 2.0. The only thing this allows someone to do is compromise a vulnerability should one exist (of which there are none known in 1.2.3), or get into it if you're using the default password or an easily guessed password. Just do what we've been suggesting for years (use strong passwords, don't use the same browser to administer ANY web managed device as you do for general Internet browsing), and you're fine.