When a “Fix” is Not a Fix - The Fix is In - Sister CISA CISSP
Home > IT Blogs > Sister CISA CISSP > When a “Fix” is Not a Fix - The Fix is In
>>VIEW ALL POSTS  

Sister CISA CISSP

« Using Time-Warner as Your Internet Provider? Check Your Modem QUICKLY
A Not-So-Great Use of Cloud Computing »
Oct 30 2009   12:53AM GMT

When a “Fix” is Not a Fix - The Fix is In



Posted by: Arian Eigen Heald
Wireless, Stupid Technology, TCM (Truly Clueless Management), Data Breaches, Tearing My Hair Out, Hardware & InfoSec, information security

In my previous post, I discussed the Time Warner/SMC modem enormous security flaw.

Lo and behold, I am visited and left a comment by “Adam Wood” defending SMC, and telling me/us what a wonderful job SMC is doing about this issue.

(That’s got to be a really crappy job for a lowly PR flack; surfing the Internet for comments on the SMC modem, and uploading a canned positive comment wherever he can.)

Despite “Mr. Wood’s” comments about how SMC is fixing the problem in an absolutely wonderful way, I admit to some slight cynicism. Especially after reading more from David Chen, the guy who found it in the first place.

According to Mr. Chen, Time-Warner claimed to have pushed out a “temporary fix.” But here is his latest conclusion:

UPDATE: Finally figured out what the “patch” Time Warner deployed was. If a user tries to login with the user/user account, it simply kicks them back to the login page with javascript. All routers are still open to the internet and all still have the same default admin password.

It seems that a fix from Time-Warner or SMC seems to consist almost entirely of PR.

AddThis Social Bookmark Button     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register

Michael Morisy  |   Oct 30 2009   5:24PM GMT

Sad that that’s the best effort TWC can come up with, but hopefully with Chen’s suggested fixes, something more permanent is in the works, and soon!