We just want to issue a public warning to users of the Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service makes it possible to locate any Timbuktu user just by knowing their email.
More than five months ago we notified Netopia's customer support (http://blog.wintercore.com/2008/04/26/things-that-shouldnt-be-there/), after discovering a hardcoded user/password pair within SALT.dll.
PE section: .rdata
By using this information it was possible to access, in real time, hundreds of users' records containing their IP, email, software version and information related to the license.
We have received no reply since then. Five months later, we have found what we would call an "obvious" patch: "If the problem was the user/password, well, let's remove it! Fixed."
Now, everyone can access those records without having valid credentials.
Taking into account that there are remote exploits available for that software, that everyone can grab your IP and software version, and that there are emails from government, military and high-profile corporate staff, you had better disable that feature.