[EAS] Digital Alert Systems From Monroe Electronics Contain a Known SSH Private Key and are Vulnerable to Remote Attack
Ed Czarnecki
ed.czarnecki at monroe-electronics.com
Tue Jul 9 12:54:11 CDT 2013
Richard - this is kind of old news (several months old, in fact). We
released a software bundle back in April that mitigated the identified
concerns with a cumulative security update.
Our statement on the matter from 24 April can be seen at
http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf.
I want to be very clear. That advisory relates to previously identified
issues that had already been addressed months ago with version 2.0-2. The
CERT report itself states very clearly that software version 2.0-2 update
fixed these issues.
The vast majority of DASDEC users have already implemented the version 2.0-2
update, so this should not be an issue. However, if you are not using
v2.0-0, please go to support at digitalalertsystems.com to obtain that update.
The article and the security researcher's report are highly problematic in
several regards. A critical omission is that both we, the manufacturer, and
DHS CERT had **already** identified that a software mitigation was available
and implemented by the large majority of users. There are additional errors
and omissions in the article.
Issue identified. Issue mitigated. Should have been a non-story.
p.s. - if you're not using a firewall with your CAP EAS gear, please
strongly consider doing so. Irrespective of your EAS vendor.
-----Original Message-----
From: eas-bounces at radiolists.net [mailto:eas-bounces at radiolists.net] On
Behalf Of Richard Langevin - EMERMGTX
All,
From an IT friend of mine
Well, so even if you change the login username and password, they're still
not always safe.
http://www.securityweek.com/root-ssh-key-compromised-emergency-broadcast-systems
http://www.ioactive.com/pdfs/IOActive_DASDEC_vulnerabilities.pdf
Richard Langevin
Emergency Services Planner / Communications Maricopa County Dept of
Emergency Management
5630 East McDowell Rd.
Phoenix, AZ 85008
Office: 602-273-1411
Cell: 602-527-6445
LangevinR at mail.maricopa.gov
KB7YEB, AA9MCD,KM7EOC,WGY9491
__________________________________________________________
The EAS Forum Discussion List is hosted by the BWWG (Broadcast Warning
Working Group). http://eas.radiolists.net Please invite your friends to join
our Forum! The sign up is at:
http://lists.radiolists.net/mailman/listinfo/eas
___________________________________________________________