There were holes discovered in Barracuda networks hardware recently, all because they source product from China instead of the US.


https://krebsonsecurity.com/2013/01/backdoors-found-in-barracuda-networks-gear/


variety of the latest firewall, spam filter and VPN appliances sold by Campbell, Calif. based Barracuda Networks Inc. contain undocumented backdoor accounts, the company disclosed today. Worse still, while the backdoor accounts are apparently set up so that they would only be accessible from Internet addresses assigned to Barracuda, they are in fact accessible to potentially hundreds of other companies and network owners.

Barracuda’s hardware devices are broadly deployed in corporate environments, including the Barracuda Web Filter, Message Archiver, Web Application Firewall, Link Balancer, and SSL VPN. Stefan Viehböck, a security researcher at Vienna, Austria-based SEC Consult Vulnerability Lab., discovered in November 2012 that these devices all included undocumented operating system accounts that could be used to access the appliances remotely over the Internet via secure shell (SSH).

Viehböck found that the username “product” could be used to login and gain access to the device’s MySQL database (root@localhost) with no password, which he said would allow an attacker to add new users with administrative privileges to the appliances. SEC Consult found a password file containing a number of other accounts and hashed passwords, some of which were uncomplicated and could be cracked with little effort.

Viehböck said he soon found that these devices all were configured out-of-the-box to listen for incoming SSH connections on those undocumented accounts, but that the devices were set to accept connection attempts only from Internet address ranges occupied by Barracuda Networks. Unfortunately, Barracuda is not the only occupant of these ranges. Indeed, a cursory lookup of the address ranges at network mapping site Robtex.com shows there are potentially hundreds of other companies running Web sites and other online operations in the same space.

It's a different issue, it seems.

Remote control that, hackers.

Have done so ever since I read about how they can be turned on remotely. Ew.

If I want to Skype someone, the Post-It is easy to remove.

And I'm not kidding.

Strange peoples could be watching me read the internets while eating M&M's!!1!!
(remind self to yawn and pick nose more often...)

" at least 23 million of the devices are susceptible to full takeover by hackers, potentially becoming a jumping-off point for an attack on the victim’s network behind any firewall."

http://www.forbes.com/sites/andygreenberg/2013/01/29/disable-a-protocol-called-upnp-on-your-router-now-to-avoid-a-serious-set-of-security-bugs/

The tools by by Rapid 7, the security firm that discovered the issue (I linked to one of them above), are worth using, besides disabling UPnP on your devices.

...many people, like myself, have uPnP printers that store many of our printed documents. I can pull up any of the last 25 documents I've printed and reprint them without my computer even being on. If someone gets uPnP control of my printer, they can see everything I print.

That's not a showstopper for me, but I know plenty of small business owners who print payroll and other "sensitive" documents from their printers, who could be devastated by a remote breach like this.

The routers may be a bigger concern though. If they can breach your router, they can potentially intercept every bit of traffic on your network. That might include VoIP phone calls, traffic from wifi connected phones and devices, AND your M&M munching browsing sessions.