[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hacking the mitsubishi GB-50A



Desai, Ashish wrote:
If you read your own post you would realize that Mitsubishi kept the device ipaddress prefix as 192.168.1 so only you can attack
yourself.

Well, as James pointed out already, this reply is a little silly.

But, just to be clear, if Mitsubishi had explicitly documented that this device should only be used on a private network and had no access controls, I don't think I'd have a problem.

However, they show a username/password box (which I'm betting is fairly easilly circumvented if you know the right urls and can forge a cookie on the client...) so I think it's fair game to expect them to implement some kind of real security.

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk