Woops

From Richard van den Berg:



----- Message from Kee Hinckley on Tue, 27 May 2003 20:34:27 -0400 -----

To: CORE Security Technologies Advisories

cc: Bugtraq , Vulnwatch , full-disclosure

Subject: [VulnWatch] Re: CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass

While you are fixing the vulnerability in your Axis video camera. Please also stop to check and make sure that you have turned off (or properly configured) it's ability to send snapshots via email. If you turn on the function without configuring the addresses, older cameras will default to sending email to mail@somewhere.com "from" olga@somewhere.com. We get on the order of ten to fifteen thousand of these every day. On occasions when we've bothered to look, we've seen things ranging from computer rooms to jewelry store security cameras. Probably not the kind of thing you'd want to be sending to strangers.


Har har har