16 Sep
2015
16 Sep
'15
9:36 a.m.
Roland Dobbins wrote on 9/16/2015 1:27 AM:
On 16 Sep 2015, at 11:51, Paul Ferguson wrote:
Please bear in mind hat the attacker *must* acquire credentials to access the box before exploitation.
And must have access to the box in order to utilize said credentials - which of course, there are BCPs intended to prevent same.
There's a big used equipment market. Even in the new equipment market, these devices could be intercepted prior to delivery.