Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC

Security researchers are expected to disclose new vulnerabilities in near field communication NFC, mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat session aim to expose sometimes shocking vulnerabilities in widel...

Weak RSA Keys Plague Embedded Devices, But Experts Caution Against Panic

If all of the noise about weak RSA keys and compromised cryptosystems in the last few days has done anything, it’s to confirm what many in the cryptography community have known for quite a long time: When it comes to implementing cryptosystems, there are a whole lot of people doing it wrong...

Was The Three Character Password Used To Hack South Houston's Water Treatment Plant A Siemens Default?

Siemens said on Tuesday that it is working with the U.S. Department of Homeland Security to investigate a cyber intrusion into a water treatment plant in South Houston, Texas, but couldn’t confirm that a default, three digit password hard coded into an application used to control the company’s...

SSL Certificate Chain Contains Unnecessary Certificates

At least one of the X.509 certificates sent by the remote host is not required to form a path from the server's own certificate to the CA. This may indicate that the certificate bundle installed with the server's certificate is for certificates lower in the certificate hierarchy. Some SSL...

Group Publishes Database of Embedded Private SSL Keys

A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of ...

GoAheaad WebServer - Source Code Disclosure

GoAheaad WebServer - Source Code Disclosure Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability Date: 5-28-10 Author: Sil3ntDre4m Software Link: http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip Version: 2.18 and earlier Tested on: Windows Affects: Windows platform...

GoAhead Webserver 2.18 Source Code Disclosure

Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability Date: 5-28-10 Author: Sil3ntDre4m Software Link: http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip Version: 2.18 and earlier Tested on: Windows Affects: Windows platform only Code :...

GoAheaad Webserver Source Code Disclosure Vulnerability

Exploit for windows platform in category remote exploits ======================================================= GoAheaad Webserver Source Code Disclosure Vulnerability ======================================================= Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability...

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack, due to the fact that their administrative interfaces are publicly viewable from anywhere on the internet and their owners have failed to change the...

CVE-2006-1206

Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service connection slot exhaustion via a large number of connection attempts that exceeds the MAXUNAUTHCLIENTS defined value...

DEBIAN-CVE-2006-1206

Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service connection slot exhaustion via a large number of connection attempts that exceeds the MAXUNAUTHCLIENTS defined value...