[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] [OT maybe] CVE-2016-5195 vs Amazon FireOS 5.6.2.0
- To: list@xxxxxxxxxxxxx
- Subject: Re: [LUG] [OT maybe] CVE-2016-5195 vs Amazon FireOS 5.6.2.0
- From: Paul Sutton <zleap@xxxxxxxxx>
- Date: Tue, 24 Jul 2018 09:42:46 +0100
- Autocrypt: addr=zleap@xxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFmTam4BEADRmZImEFNQVkDnI/YDDzc/7+Jmz421eQy6/8Go6gitESbI21f8SxXr2xWh pNgFSnfR+WzVvfkUJ8z0ObNrVMuzcfYyiiUt6rJzV2yIPKP6hCYvTn83mS9P3k8wkJ/8yjRA JWHY06SC/Z3h1CTD2S67a4v8Cm428mAk5fdrMvyd1dnoDR9hlvp5ufiqVW/ltmJqQqE3HT/1 /qU/4GtbkgoSIgSeq2e3ABq8u8SnyQq27vNX69jIuMoLjhKChEVvHF2PPQVxJXjx1Wdj3OHn 3PQfTvGrWe+w0FOD16Ch6OoemsHsfrU813AsENTGbqHeS1BuvJGLPcqagbIaqmSJnoBGIY0m 8aldcmRIll/blKiYDkLcrhAZCJBkYSU8Lfqo0V3cQ17CZmHYzX/ng936+dYOwYOYIf5dhTJ+ JOwEEs5j0JQuwH8EA8CI2RQPN7NDiw+/K/u6WWVr48AjeVjgLxbskeSdKG0hJ5eemsrjVYY7 sYwv82dhQHmm4XfjLpKuaKUSoaGV5Qy210eZqyDBy7es925c4KBvSwLpeB8C8NbFXGVHj7nc wCyXXxGvSOO1aQue+goXgiO/JeuuRsU4ZdQcnrETV1ySsJrvH3CQyX7T4ZUbvCp95pkKExjf 3hoxmnHpGfKFQ7UMEz8WLqw1Qry4ote21/rdIl4mvUUBQJJDpwARAQABzTVwYXVsQHRvcmJh eXRlY2hqYW0ub3JnLnVrIDxwYXVsQHRvcmJheXRlY2hqYW0ub3JnLnVrPsLBfQQTAQgAJwUC WZNqbgIbIwUJCWYBgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCrQnqThftq7XLMEACN fjMx8SkQh7HPethnZfHb+wGm09yL+W51dzK7glq6gPz/YH7b0jeLbcdnkrKclMJvflAYdxBX jj07X+aOV9lmIjHG2Kf2yQj5qlxEAMUAGhTO+B8jSXeWgPT0Yx5uoe5dvVY8JRjv1eu+p43j t2TthtOARHDO0xkUp5lYIHVcPmD5fNulDYC9/sFog/CmkxpfFAomGokxwwXVLTv1pAVZ4JTG g2gRqWUXighqfXWXdGPSNc6S2nBFWAqi+08NLKV9m3wcHx9al7bheulcXCDB8FAMU4ezxuzb PsnWXP/LQBROWNgHjsnjeKxSrvbvJaDdZLL9tSA4rSCVSF1O7gQgS5ZyjmipnERkdhvG/Ikv ZY8PPFY1UlR7cjyKvQZYXbh+UB3oe8Peq8yHpRirO/jjOd73qmkSPwFJVeLO8dncIuc3kTj/ F5we/Bg2jPXv1qa8CaSn3XiQHgy0gynv2qHClvwm2MiFIGFegmqZLhMky5U14XQDfycLDlVs +mTqnwohr+PV0LbQOp4I6yTZC/u6DQ077eomD/xUdb1aIp9JpkQJRLFAuX7Mopiu0jjt9o1l 9yKQTN+p4p15EzoibuZHYDQ8+Lf6cg1BIaQgr3Lssz4yDzJl5Z5e8f7UZkWJ/E/30ngorcaC kvYVvSZJaDqsFXE9ddrO4scgYu5xs91AOs7BTQRZk2puARAAwIN8GQEnbCQr+sDr6e2kUSA/ NgrCEOK66Q+18Njhm0TCAlVeU/BCdgUqEyvINcVnFPljI/WZT6sXH+hzKGRwnIlEtzVFKNAS 7XuO1U/TpUax77G6R/cd2FHk8mZ+CDSW+7WvdHTTi/VxgOMm1EsoRHM4s9AonT8rWnBV10IM qBJU/8/AwYZKgihZmcC7ZF9N0Cs1elkdTSmaiM+2WIFI9vZbp8GtAIKsouaRHB4sEvFPBKVc C57NPoAWOk7SjSviuAg5A6e5LY7ixfQaHQfGsxnzZuLTcJEWVGqKt4OlrQZZVpnRresIUyan 4ntKnHuMwkaSq+mrBva2e64SJL4J/1TlmokLo0Kmqrm+qymxnU0TbYN5qO8t/nMXK/AtVzMx SyFQ9EHUuKVv4cvnpe32fRE7sfdMQpRYm+Y0CRN9vwRTPL0KI8O88kDzLvdQApHWiNUU4NBa kH/aMhKonNg9vVN0hmIoLjZciePyyMbjsNJSXEYkmKLW+R4YVit8xAUNRrO5HZVViIH4G3ir dXjU19spIs9omoZVUtqGQcE5OKKd+zDcjBu1GKJDCl08HBU7CH0pc859eUpdzV+A8LIyt16E 9J4XG+jWZlfHAAlZ62WT0W47Mi9dLer1AuH7jbSgkIj6BJjbUdAMmI027/WX0ELhftXlurUa SsROLDDOoHcAEQEAAcLBZQQYAQgADwUCWZNqbgIbDAUJCWYBgAAKCRCrQnqThftq7YQ9D/49 Bk2iZvxpKyJ2CNogaqnR0ZoB2Y0HjgvufwoJ+WzJTw8BCloTG2q9q22VLZ9wvndMqk28o5iz oKiU+LgOcV/Vi1kuJf+WcgUAr+oLCwnQOsP7vc3RM817zUasxuCqw28sJ7/ysEtJ3mhRD4se 2+shRgrQEZf1AopgJGbGuNu9ffGQA0f0pp9/JJCzCsIhh0ezhkwsPJtXuJQKRW7+ch2d/Yhy aE1gV2QZiKI+X9LWm1VM4JV91WFrzckgM3wrK3ZR8iO4XmJunGoARbgvL/nrszvcmUXkfqWT ADUwVqY2XrWPYpWnEXl5O4MD1OXiP0cxy/rtjtDq79xy0acua2HZN+ltz4401l2pXQxy9oT7 ADexhwIgUXUzdFLj8ET2Pf1ZJFiJlX2Lc4s8rVTD8YUtNMmCExvp0eRbm+gy5BRHprM1+H78 b5dDjn9kmuoGul7ucroFJOWH9KPn7qBw5fV+qoturh7RDnyiW0QwCNDt9h4liJuNrNfekbaD /YDMdUQVaiDhfti/FMZ6SAuTRU3XrL5jWGlOpDIbGA08po+gFt6YLu7uyCS4YPF2CloE2WA0 zmuZNmceEZUiqAu1IijDfUWmBz+ft6gylnAZTlCct7TZEwPnTZn7Pjq9YxlQFOjFnpZFADmv zsqFRCPJ1C4Ck6cMepXK+kC8ibqTadAkew==
- Content-language: en-US
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dclug.org.uk; s=1523264761; h=Sender:Content-Transfer-Encoding:Content-Type :Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject :In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner:List-Archive; bh=VokK4tK1ghs2TPiPmwCaJROQEW3iWHtzQhZPX1ub0Uw=; b=nhBGb1OnYwMsa9iSinIVq8Bv87 krXerFRMF4o3Lzj7gz3R+NnkbHvBGjQ6E3iLYbPd0lu295wFl8ENhWzWpyK9DFwVoPZvfhzRGNFNl 0ueMZAXJPzxEW2IIzfzLRoroBTJ01OWQODe06VBc1nOWKOzsuSSRlPR7vijB4PoRcXHo=;
- Openpgp: preference=signencrypt
On 24/07/18 08:52, Simon Waters wrote:
> I fear your joy at Amazon’s inability to roll out kernel fixes may be short lived
> when you discover the network you want to use your shiny rooted Fire tablet on is
> one big botnet playground....
>
> In other news router firmware...
>
I am guessing as these are consumer devices then a vast majority of
people would not really know about DirtyCow or even understand what
privilege escalation is, or the implications of this.
I sort of understand what this means, In terms of a normal user, who is
say denied access to certain permissions who thanks to this but has
access to the ability to carry out tasks beyond what their normal user
would allow.
What it possibly needs is for people to understand this, and be able to
with the right level of confidence to challenge the vendors with the facts.
On a similar security note there still seems to be websites out there
sending password reminders in plain text, so I then question how these
passwords are even stored. I know this is a bad thing, but most people
out there don't and just accept it, they are users, not techies, like
we are here, therefore won't question this happening, and even if you
do question this, you need to back 'this is a bad idea' to actually
making a proper argument and unless a lot of users do this, nothing will
change.
You keep mentioning problems with routers, what exactly am I meant to
do about this,? I check for updates, and have changed the login
password (standard move usually) but are you suggesting I keep buying a
new router then in 3 months by another one. I don't understand this
enough to take affect it just seems like scaremongering unless there is
a proper explanation.
Paul
Paul Sutton
http://www.zleap.net
Friendi.ca :zleap@xxxxxxxxxxxxxxx
--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq