claiming to be Zsolt Brandt, <zsolt.brandt@xtra.co.nz> said:

> hey has anyone else seen this? was in my mailbox this evening. we all
> know there are simply things we can make our routers more secure. does
> anyone know if this is legitimate or someone;s idea of a scaremongering
> hoax? cheers, Zsolt

Read below for my comments

> Also, in most cases, the adsl modems also allow a 'telnet redirection'
> which could allow a hacker to connect to your modem, then connect
> through yours, to a number of other modems, then perform anythign they
> want almost untraceable. A hacker with New Zealand only internet
> access, or to minimize their international downloads, set up a 'port
> rediraction' allowing them to download large amounts of data via your
> connection. If this were to happen, you could be paying a large fee for
> internet traffic you didn't use!

Anyone know whether this is actually possible? This seems to me to be more
of a scaremonger technique; downloading "large amounts of data via your
connection" doesn't really advantage the "hacker" (unless it's a JetStart
user getting international data) - they still have to get the data back to
themselves.

> This problem has not been publicly released. Please do not report this
> problem yet, hackers use the media everyday to find out about new
> problems and take advantage of them before they are patched up. By
> informing the media, you will be putting at least another 500 users in
> the same boat as you at risk. Once this number has reduced to
> manageable numbers, I will then inform the media of the issue.

How exactly are you putting them at risk? Surely this company is not going
to release IP addresses, which means that the only way the "hackers" are
going to find out if a modem has this problem is by scanning IP ranges. They
don't need media help to do this.

> What will this cost?
> If you require our assistance to help you change these passwords, or to
> do a post-fix test, we will charge you NZ$45 + gst for the service -
> This price includes both services. We found out about this problem
> first, we are the best people to fix the problem for you. In almost all
> cases, we have a less than a day turnaround so by tomorrow you can be
> assured you will not be at risk!

Ah hah! Now the truth comes out. :/

Michael

-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message