Information Security Think Tank
This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3).
There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]
This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2).
Unlike the previous two vulnerabilities I released, the vulnerabilities I’m releasing in this post are perhaps not so useful to break into the device as you need access to the admin account to exploit them. [...]
This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1).
Privilege escalation via arbitrary file retrieval
The second vulnerability I’ll be releasing is an arbitrary(ish) file retrieval vulnerability. It’s not fully arbitrary because you can only retrieve the contents of files located within the same directory where the vulnerable CGI program is located. [...]
During the easter break, I was playing with my my wireless Linksys IP camera which, although I bought several months ago, I hadn’t taken my time to give the attention this beauty deserves until now! :)
The model in particular is the WVC54GCA, which I would say is one of the most affordable Wi-Fi IP cameras out there (about GBP 80 in the UK), making it a great toy to tinker with. [...]
Perl, Ruby Python: use the language that suits your character. However, one of the things that differentiate python from the rest is its philosophy, which is: there should be one– and preferably only one –obvious way to do it (where it is a problem). This philosophy gives python some interesting advantages over other similar languages. That will be explained later on. [...]
This morning I spotted several blog posts mentioning that Twitter has been hit by yet another XSS worm.
There is no merit in discussing how this has been done and for what purposes but this incident is yet another proof that the attack landscape is rapidly changing and moving towards web enabled infrastructures and the client-side. [...]
Lately I’ve been dropping a lot bash scripts on public forums and of course on work related projects. Many people came back to me asking why I chose bash. Python or perl would have been better! While I agree that both python and perl are a lot more expressive, I disagree that tools in general should be written just to accommodate the needs of a particular framework. Tools are tools and they have their lifetime just like everything else. So should we bother? [...]
Over the last couple of weeks I’ve added more features to the Jeriko toolkit which I briefly covered in my post over here. For those of you who don’t know, Jeriko is a compilation of various bash scripts to ease manual penetration testing practices. The idea is to automate only the things which are sort of boring.
Anyway, now you have a few more scripts at your disposal. [...]
I’ve got quite a lot of good feedback on the security buzzword generator I announced yesterday. For those of you who do not know, the generator is a fun little utility which helps you with coming up with new and exciting buzzwords like a security pro.
We often laugh when a new buzzword makes its rounds in the media but the matter of fact is that buzzwords are important. In essence, buzzwords are just terminology which happens to be used extensively by the media. [...]
In the light of the Month of New Security Buzzwords, I am releasing an online fuzzer to help you generate as many security buzzwords as you like. Sweet!
Jokes aside, tools like this one are quite helpful to brainstorm new ideas. If you ever do research inspired by our buzzword generator, please give us a credit. That way we will know that the tool is actually useful.