Attacks on US since I've been watching... 32000+
Attacks on Canada... 4

Bryce D
NETAGO

From: [email protected] 
[mailto:[email protected]] On Behalf Of RickG
Sent: Tuesday, December 23, 2014 23:34
To: Mikrotik Users
Subject: Re: [Mikrotik Users] Are Mikrotik Routers affected by this?

LOL, forget The Dude - need something like this: 
http://ftmdaily.com/global-issues/terrorism/mind-blowing-app-reveals-global-cyberwar-in-real-time/

On Tue, Dec 23, 2014 at 12:08 PM, Justin Miller 
<[email protected]<mailto:[email protected]>> wrote:

What does Misfortune Cookie have to do with TR-069?

We began this research by surveying client-side implementations of 
TR-069<http://en.wikipedia.org/wiki/TR-069> (CWMP), after noticing the extreme 
prevalence<https://zmap.io/paper.pdf%22> of endpoints listening on the default 
CWMP Connection-Request port (7547), second only to HTTP (port 80) listening 
endpoints. Misfortune Cookie was uncovered during the examination of RomPager - 
the most popular recognized service on this port.

Is this a problem with the TR-069 protocol specification?

While the proliferation of devices managed by TR-069 is responsible for 
creating a very large vulnerable client population, Misfortune Cookie is not a 
vulnerability related to the TR-069/CWMP per se. Misfortune Cookie affects any 
implementation of a service using the old version of RomPager's HTTP parsing 
code, on port 80, 8080, 443, 7547, and others.
http://mis.fortunecook.ie/



Justin Miller

 VA SkyWire, LLC
 1707 E Main St
 Richmond, VA 23223
 Office: (804) 521-4212
 Desk: (804) 591-0500 ext 101
 Fax: (804) 591-1559
 [email protected]<mailto:[email protected]>

On Dec 23, 2014, at 12:00 PM, Brough Turner 
<[email protected]<mailto:[email protected]>> wrote:

No it's an issue with the RomPager embedded web server software from Allegro 
Software.
See:
   http://www.prweb.com/releases/misfortunecookie/allegrosoft/prweb12409335.htm
   https://www.allegrosoft.com/allegro-software-urges-manufacturers-to-maintain-firmware-for-highest-level-of-embedded-device-security/news-press.html
MikroTik does not use this software but some models by ASUS, D-Link, Edimax, 
Huawei, TP-Link, ZTE, and ZyXEL do.


Thanks,
Brough

Brough Turner
netBlazr Inc. - Free your Broadband!
Mobile:  617-285-0433   Skype:  brough
netBlazr Inc.<http://www.netblazr.com/> | 
Google+<https://plus.google.com/102447512447094746687/posts?hl=en> | 
Twitter<https://twitter.com/#%21/brough> | 
LinkedIn<http://www.linkedin.com/in/broughturner> | 
Facebook<http://www.facebook.com/brough.turner> | 
Blog<http://blogs.broughturner.com/> | Personal 
website<http://broughturner.com/>


On Tue, Dec 23, 2014 at 11:54 AM, Justin Miller 
<[email protected]<mailto:[email protected]>> wrote:
No it's an issue with TR-069 which is not part of RouterOS.


Justin Miller

 VA SkyWire, LLC
 1707 E Main St
 Richmond, VA 23223
 Office: (804) 521-4212
 Desk: (804) 591-0500 ext 101
 Fax: (804) 591-1559
 [email protected]<mailto:[email protected]>

On Dec 23, 2014, at 11:25 AM, Joey Craig 
<[email protected]<mailto:[email protected]>> wrote:

Misfortune Cookie vulnerability affects 12 million routers | CSO Online

http://www.csoonline.com/article/2862378/malware-cybercrime/misfortune-cookie-vulnerability-affects-12-million-routers.html
_______________________________________________
Mikrotik-users mailing list
[email protected]<mailto:[email protected]>
http://lists.wispa.org/mailman/listinfo/mikrotik-users





--
-RickG KyWiFi