Tweet
Hello,
after reading the "new" ROS-mode software manual, an obvious flaw in the interaction between the radio side of software and the internet side was succesfully exploited and tested by myself. Really easy, no obscure buffer overflow or assembler code.. just a bit of brain.
So i quickly advise the author about this. The first mail is just an info i ask to be sure that the vulnerabilty still exist. Quickly (1 hour) Nieto reply, and indirectly confirm the vulnerability.
The second mail, 17 hour ago, i explain the vulnerability to Nieto.
No reply.
Third mail, 15 hour ago, with also i said that i am following a NDA (Non Disclosure Agreement) protocol, i let him 7 days to wrote me what want to do to correct or mitigate the impact of the whole thing.
No reply.
Ok - i feel a bit ignored. So this is the fourth (and last) mail, this morning:
da Cristiano <iz0ien@
a Jose Alberto Nieto Ros <nietoros@
data 18 agosto 2010 09:51
oggetto Re: ROS mode and email reports
proveniente da xxxxx.com
09:51 Zulu
Ok, i think you just ignored what i wrote.
So is fine from my point of view to ignore the NDA. Maybe an
acknowledgement of the "bug" was fair from you, but still i don't have
any reply from you. A simple "thanks" in those hours would have enough
for me, but you just *ignored* my messages.
If i don't have any reason-valid reply to this email, at 13.00 Zulu
(11.0 UTC) i publish the concept of the exploit finalized to ************************** on my HAM board and on my
underground channels.
You just don't have any kind of respect for those that warn you about
a mistake in your own interest.
Cristiano IZ0IEN
2010/8/17 Cristiano
At 13.00 Zulu, in both English and Italian sections , i will publish the exploit, very simple, but not so light from the point of view of the internet world.
Regards,
Cristiano IZ0IEN
after reading the "new" ROS-mode software manual, an obvious flaw in the interaction between the radio side of software and the internet side was succesfully exploited and tested by myself. Really easy, no obscure buffer overflow or assembler code.. just a bit of brain.
So i quickly advise the author about this. The first mail is just an info i ask to be sure that the vulnerabilty still exist. Quickly (1 hour) Nieto reply, and indirectly confirm the vulnerability.
The second mail, 17 hour ago, i explain the vulnerability to Nieto.
No reply.
Third mail, 15 hour ago, with also i said that i am following a NDA (Non Disclosure Agreement) protocol, i let him 7 days to wrote me what want to do to correct or mitigate the impact of the whole thing.
No reply.
Ok - i feel a bit ignored. So this is the fourth (and last) mail, this morning:
da Cristiano <iz0ien@
a Jose Alberto Nieto Ros <nietoros@
data 18 agosto 2010 09:51
oggetto Re: ROS mode and email reports
proveniente da xxxxx.com
09:51 Zulu
Ok, i think you just ignored what i wrote.
So is fine from my point of view to ignore the NDA. Maybe an
acknowledgement of the "bug" was fair from you, but still i don't have
any reply from you. A simple "thanks" in those hours would have enough
for me, but you just *ignored* my messages.
If i don't have any reason-valid reply to this email, at 13.00 Zulu
(11.0 UTC) i publish the concept of the exploit finalized to ************************** on my HAM board and on my
underground channels.
You just don't have any kind of respect for those that warn you about
a mistake in your own interest.
Cristiano IZ0IEN
2010/8/17 Cristiano
At 13.00 Zulu, in both English and Italian sections , i will publish the exploit, very simple, but not so light from the point of view of the internet world.
Regards,
Cristiano IZ0IEN