-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Good to hear, but hard to see how this will really fix anything. Unlike most modern application and devices, these routers do not update firmware automatically or allow for the user to update them in any real world scenario. Hell, most ISPs who use these are probably not even on this list or pay attention to advisories primarily because they lease/rent the modems/routers out to customers -- placing the responsibility of updating on the user. Who -- in most cases -- even touches the router/modem without support could be violating the ToS. This should show the firmware/router manufactures the need for more real world testing before deployment as well as allowing for patching via the ISP or at least allow the user to update the firmware easily. Thanks for all the hard work, YGN Ethical Hacker Group. Good job and keep it up. Mike Duncan ISSO, Application Security Specialist Government Contractor with STG, Inc. NOAA :: National Climatic Data Center On 08/21/2010 12:30 PM, YGN Ethical Hacker Group wrote: > 2wire support just replied that this has been fixed and new version > (6.x.x.x) has been released. > > The advisory has been updated accordingly. > > http://yehg.net/lab/pr0js/advisories/2wire/[2wire]_session_hijacking_vulnerability -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxyyMYACgkQnvIkv6fg9hZ7QACffimUvg/qbTOO3h2Hkh4VvXFd 2fwAnRSWFwbJm4JNzfgI5CjjBTEG7Pat =j+61 -----END PGP SIGNATURE-----
