who has largest security hole?

Temmu · Nov 14, 2012

starting this topic to see whose security hole is bigger.
i bet i win.

upnp
considered a boon to sharing, first data, and now hardware management.
its goal is to connect everything to everything even (especially) across the internet.
upnp site - http://upnp.org/
hundreds of major companies love it - http://upnp.org/membership/list/

upnp on windows
on xp, it is correctly listed in add/remove windows components, network devices, upnp user interface - http://support.microsoft.com/kb/941206
in vista/7/8 microsoft has cleverly hidden the word "upnp" and replaced it with "network discovery"
this link shows that, and how to en/dis able it - http://windows.micro...twork-discovery

so... what's wrong with a little discovery?
this guy, http://www.upnp-hacks.org/contact.html - wrote this -
http://www.upnp-hacks.org/upnp.html about upnp.
plenty to read on his site.

open wrt (some of us use that on routers, yes?) has this coment on upnp
http://wiki.openwrt.org/doc/howto/upnp
(near bottom) "As UPnP provides no authentication mechanisms, it is commonly regarded as one giant security hole."

steve gibson on upnp (old article, utility still works!)
http://www.grc.com/unpnp/unpnp.htm

ok, your turn, is your hole bigger?

Search

Search

who has largest security hole?

Temmu

Well-known member