Hello and welcome to the Wednesday, March 4th,

2006 edition of the Sands Internet Storm Centers.

Stormcast, my name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu undergraduate certificate program in Applied Cybersecurity Security.

Today's diary is about, well, some brute force attacks against crush FTP. Actually, not sure if I should even call it a prude force attack.

It's really more just looking for common default passwords. However, just want to put a couple of things clear here.

First of all, this is not a vulnerability in Crush FPP.

There have been significant vulnerabilities in the past.

This is not one of them.

All they're looking for is for users who set up Crush FTP with an admin user of Crush Admin and a password of

Crush Admin. I went through the setup of Crush FPP and as you're setting it up, it basically

asks you, hey, what is the username you want to use for a crush FTP, for the admin user?

In the documentation, Crush Admin is one out of a few that they recommend,

kind of that you use for a username.

However, there is no default or recommended password.

So really, if you're picking the password Crush admin, it's on you. It's your mistake. It's nothing really that crush FTP really did wrong here other than maybe they should prevent some really stupid passwords like that.

And today's also Android patch Tuesday. So with that, we got patches from Google for 140 different vulnerabilities.

Noteworthy here is one vulnerability that affects the Qualcomm display drivers. And this particular

vulnerability is already exploited in the wild. And well, it's one of those memory management issues.

They have released a patch for it now with this update,

so make sure that you're keeping your Android phones updated,

even though it, as I always say, may take a while for these patches

...