Home » 

UK ISP News Archives

 » 
Sponsored Links

ISP Kicks Customer For Exposing Security Flaw

Posted: 18th Apr, 2007 By: MarkJ
The 24Mbps ADSL2+ offering UK ISP 'Be' (BeThere) has kicked one of its customers, Sid Karunaratne, after he revealed a little too much about one of the providers security vulnerabilities:

BeThere took the retaliatory action four weeks after subscriber Sid Karunaratne demonstrated how the ISP's broadband routers can be remotely accessed by anyone curious enough to look for several poorly concealed backdoors. The hack makes it trivial to telnet into a modem and sniff users' VPN credentials, modify DNS settings and carry out other nefarious acts.

Alas, Karunaratne's February 22 posting originally included the specific password needed to carry out the attack - a tack from the "full disclosure" school of vulnerability reporting that is considered a no-no in many security circles. Less than 48 hours later, he removed the password information, but that didn't stop the ISP from exacting its retribution.

"We have carried out a full and diligent investigation into the alleged breach and your posting relating to it," a BeThere email informed Karunaratne. "Based on that investigation, we do not believe that there was (prior to your post) any such security breach. Therefore, the passwords could only have been obtained through illegal means (i.e. by hacking)."

The ISP also threatened Karunaratne with legal action if he attempted further accesses to their network or revealed more details to the public. Sadly the vulnerability itself still exists and 'Be' is busy working on a way to plug it without disrupting subscriber services.

The Register's coverage of the incident makes for an interesting read and while the ISP’s response may have been harsh, Karunaratne should never have revealed the password itself.
Search ISP News
Search ISP Listings
Search ISP Reviews
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £25.00
132Mbps
Gift: None
Sky UK ISP Logo
Sky £26.00
145Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Brsk UK ISP Logo
Brsk £19.00
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (5979)
  2. BT (3629)
  3. Politics (2697)
  4. Business (2418)
  5. Openreach (2399)
  6. Building Digital UK (2322)
  7. Mobile Broadband (2121)
  8. FTTC (2076)
  9. Statistics (1886)
  10. 4G (1790)
  11. Virgin Media (1743)
  12. Ofcom Regulation (1567)
  13. Fibre Optic (1461)
  14. Wireless Internet (1453)
  15. FTTH (1385)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules