Chinese telecoms kit maker Huawei has said it is investigating claims by researchers that two of its router products contain serious vulnerabilities which could allow hackers to remotely take control of the devices. Felix Lindner and Gregor Kopf of Berlin-based Recurity Labs announced their findings at the Defcon hacking show at …
that's a new email address...
Or Huawei block the Googlebot, and the bingbot and the yahoobot and the dogpilebot (those are the only ones i checked.) The only site that showed in google results was The Register (this article.)
The email address that First.org has for them is different...imagine that.
And this is in the header of their PGP public key:
Version: PGP Desktop 9.0.4 (Build 4042) - not licensed for commercial use: www.pgp.com
This must be a fine, upstanding company.
Nope, it was designed deliberately.
Huawei looking into critical router
backdoor flaw claims.
Of course it's only a flaw.
Bah, now this flaws will need a password to be accessed remotely ...
Of course it's a 90s style vuln, it probably *is* 90s code written at 3Com, Ericcson or Lucent that somehow magically ended up in a Huawei product. Wouldn't likely be the first time either.
Re: Of course
Holy shit. That means that by perusing the CVS database, you could potentially break every Huawei installation in the world, right?
I guess Cisco haven't patched it yet...
No way can Huawei release a patch until Cisco do - they've got nowhere to steal it from until then!
More worryingly, the PGP public key for them on FIRST's website differs from the one linked to on the press release page!
I didn't notice that
Is their (on their press release page link) PGP key still signed with a not-for-commercial-use package?
(after checking) Nope, it's signed by a 4 year old release of GnuPG running under MingW32...
wow just wow
Who in their right mind would buy any kit from this outfit? Oh that right they leave the purchasing decisions to the retards (mgmt & accounting).