Archive for February, 2013
“Create your own personal hotspot on the go with the T-Mobile 4G Mobile Hotspot—get high-speed Internet on up to five Wi-Fi devices, using a single mobile broadband connection.”
Link to Product on T-Mobile’s Website
- Reported to T-Mobile and ZTE on 4/14/12.
- Received notification from T-Mobile on 4/17/12 that the vulnerabilities would be forwarded to their security team for review.
- Received no meaningful response from ZTE.
- No fixes provided, disclosure 2/21/13
Device: T-Mobile 4G Mobile Hotspot ZTE MF61
The access point broadcasts as ‘T-Mobile Broadband#’ where # changes per device.
We’ve got a bit of problem: applets.
You see, almost every recent security vulnerability and recent hack – Facebook, Apple, NYT – has been because of your support for applets.
Just to name a few, there’s CVE-2012-3213,CVE-2012-3342,CVE-2013-0351,CVE-2013-0409,CVE-2013-0419,CVE-2013-0423,CVE-2013-0424,CVE-2013-0425,CVE-2013-0426,CVE-2013-0427,CVE-2013-0428,CVE-2013-0429,CVE-2013-0432,CVE-2013-043,CVE-2013-0434,CVE-2013-0435,CVE-2013-0438,CVE-2013-0440,CVE-2013-0441,CVE-2013-0442,CVE-2013-0443,CVE-2013-0445,CVE-2013-0450,CVE-2013-1473,CVE-2013-1475,CVE-2013-1476,CVE-2013-1478,CVE-2013-1480,CVE-2013-1481,CVE-2013-1486,CVE-2013-1487,CVE-2013-1488.
We all make mistakes and nobody is going to blame you (except maybe the malware authors) for getting rid of applets.
Do it! Axe it!
Security Enthusiast and Java Developer