From: Chris Withers (chrissimplistix.co.uk)
Date: Tue Mar 25 2008 - 08:48:18 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Desai, Ashish wrote:
> If you read your own post you would realize that Mitsubishi
> kept the device ipaddress prefix as 192.168.1 so only you can attack
> yourself.

Well, as James pointed out already, this reply is a little silly.

But, just to be clear, if Mitsubishi had explicitly documented that this
  device should only be used on a private network and had no access
controls, I don't think I'd have a problem.

However, they show a username/password box (which I'm betting is fairly
easilly circumvented if you know the right urls and can forge a cookie
on the client...) so I think it's fair game to expect them to implement
some kind of real security.

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]