8 May 13 – Update
On 7 May 13, Judge Bolton issued an order directing the Plaintiff (Prenda Law) to file a corporate statement (required by FRCP 7.1 & 7.1.1) by 21 May 13. CorpDiscl_Order_00030(AZ) The judge also ordered the following.
In addition to the information required by F.R.Civ.P. 7.1 and LRCiv. 7.1.1, the Disclosure Statement shall also contain a list of each member of each LLC.Failure to file the Corporate Disclosure Statement and a list of the members of the LLCs shall result in sanctions being imposed.
26 Apr 13 – Update
I have two topics of interest here for you today. The first one I will refrain from making any analysis or comment for obvious reasons. Motion to quash a Prenda Law Inc., subpoena to Wild West Domains (2:13-mc-00030). Thank you to everyone who has provided any support. I look forward to hearing what you think of it. The second topic concerns a report that many of the home/small office Wireless Firewall/Routers (WFR) are vulnerable to compromise.
1. On 17 Apr 13, the following documents were filed in the district of Arizona concerning a subpoena seeking DieTrollDie’s identity and contact information maintained by Wild West Domains. The case number is 2:13-mc-00030-SRB, Prenda Law Inc., v. Paul Godfread, Alan Cooper, and John Does 1-10. Archive Docket
MTQSubpWWD_00030(AZ) MTQSubpWWD_-1_00030(AZ) MTQSubpWWD_-2_00030(AZ) SupptoMTQ_00030(AZ) Decl_Cardozo_00030(AZ) Decl_Cardozo_Exhibits_00030(AZ) ReqJudNotice_00030(AZ) ReqOversized_00030(AZ) ReqOversized_-1_00030(AZ)
Enjoy the read. Also here is an EFF article - EFF Moves to Quash Subpoena in Copyright Troll’s Retaliatory Lawsuit.
Just recently, the Independent Security Evaluators (ISE) released the results of a study into security vulnerabilities found in various small office/home office (SOHO) routers and wireless access points. Report ISE assessed 13 commonly available off-the-shelf devices and concluded:
ISE researchers have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the router’s configuration settings, or one that allows a local attacker to bypass authentication and take control. This control allows an attacker to intercept and modify network traffic as it enters and leaves the network.
- All 13 routers evaluated can be taken over from the local network
- 4 of these attacks require no active management session.
- 11 of 13 routers evaluated can be taken over from the WAN
- 2 of these attacks require no active management session.
The report goes into some detail on the vulnerabilities, the impact, mitigation steps, as well as why you should care. As of the release of the report, ISE only disclosed eight of 13 vulnerable devices. ISE provided all the device vendors with details on what they discovered. I hope the vendors take steps to fix these vulnerabilities, as ISE plans to conduct a repeat evaluation of the 13 devices six months from now. ISE also stated half of the routers with network attached storage (NAS) capability were found to be accessible by a remote adversary (full details will be disclosed in a future article).
As far as why you should care, these devices play such a central role in our Internet access while at home or at a small business location. A compromise of one of these devices could allow people to access your Internet connection, your network, the connected systems, as well as the communication that traverses it. As most people have a “set-up and forget about it” mentality with these devices, once compromised, it could stay that way for a significant period. The report also makes it clear that it only takes a moderately skilled person to exploit these vulnerabilities. General mitigation steps are in the reports, but the WFR vendors are the ones who need to provide update/patches for their devices.