Home » 

UK ISP News Archives

 » 
Sponsored Links

ISP Kicks Customer For Exposing Security Flaw

Posted: 18th Apr, 2007 By: MarkJ
The 24Mbps ADSL2+ offering UK ISP 'Be' (BeThere) has kicked one of its customers, Sid Karunaratne, after he revealed a little too much about one of the providers security vulnerabilities:

BeThere took the retaliatory action four weeks after subscriber Sid Karunaratne demonstrated how the ISP's broadband routers can be remotely accessed by anyone curious enough to look for several poorly concealed backdoors. The hack makes it trivial to telnet into a modem and sniff users' VPN credentials, modify DNS settings and carry out other nefarious acts.

Alas, Karunaratne's February 22 posting originally included the specific password needed to carry out the attack - a tack from the "full disclosure" school of vulnerability reporting that is considered a no-no in many security circles. Less than 48 hours later, he removed the password information, but that didn't stop the ISP from exacting its retribution.

"We have carried out a full and diligent investigation into the alleged breach and your posting relating to it," a BeThere email informed Karunaratne. "Based on that investigation, we do not believe that there was (prior to your post) any such security breach. Therefore, the passwords could only have been obtained through illegal means (i.e. by hacking)."

The ISP also threatened Karunaratne with legal action if he attempted further accesses to their network or revealed more details to the public. Sadly the vulnerability itself still exists and 'Be' is busy working on a way to plug it without disrupting subscriber services.

The Register's coverage of the incident makes for an interesting read and while the ISP’s response may have been harsh, Karunaratne should never have revealed the password itself.
Search ISP News
Search ISP Listings
Search ISP Reviews
 Latest UK ISP News
 Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
100Mbps
Gift: First 3 Months Free
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Sky UK ISP Logo
Sky £24.00
145Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £25.00
150Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: None
150,000+ Customers | View More ISPs
 Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £19.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
100Mbps
Gift: First 3 Months Free
toob UK ISP Logo
toob £22.00
150Mbps
Gift: None
Beebu UK ISP Logo
Beebu £23.00
100 - 160Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Modest Availability | View More ISPs
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
100Mbps
Gift: First 3 Months Free
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Sky UK ISP Logo
Sky £24.00
145Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £25.00
150Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £19.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
100Mbps
Gift: First 3 Months Free
toob UK ISP Logo
toob £22.00
150Mbps
Gift: None
Beebu UK ISP Logo
Beebu £23.00
100 - 160Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6404)
  2. BT (3762)
  3. Politics (2894)
  4. Business (2601)
  5. Openreach (2513)
  6. Building Digital UK (2423)
  7. Mobile Broadband (2295)
  8. FTTC (2111)
  9. Statistics (2012)
  10. 4G (1940)
  11. Virgin Media (1881)
  12. Ofcom Regulation (1674)
  13. 5G (1549)
  14. Fibre Optic (1532)
  15. Wireless Internet (1525)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules