So BT added a new security feature on the latest version of the BT Home Hub firmware (6.2.6.E at time of writing) which changes the default admin password from admin to the serial number of the router. From BT Support and Advice site:
When I first noticed this new feature I thought it was quite cool and definitely a good move from BT. […]
CONFidence was great! We would like to thank Andrzej, Anna and everybody else in the CONFidence team for making this event one of the greatest experiences of a lifetime. Thanks again. We are looking forward to the next event. :)
There were many interesting presentations. We’ve tried to attend all of them although it was really hard to do so when the weather in Krakow was so nice (very different from the weather conditions in cloudy/rainy London). […]
A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.
Because we are an information security think tank and because we encounter some very interesting vulnerabilities in our work, we often share our findings with the masses in order to give something back to the community. […]
The Hack in the Box (HITB) conference that took place in Dubai was, all in all, great fun. I would like to personally thank Dhillon, Belinda, Amy and everybody else from the HITB crew for making this event possible and making sure that everybody had a good time. The devil is in the details and this is what makes HITB the best conference in Asia and the Middle East region. I am anxiously looking forward to HITB KL. […]
The Black Hat Europe 2008 event took place on the 27th and 28th of March. In this post, you will be able to find information regarding my talk and research.
My presentation was titled Client-side Security. Here is the abstract:
The event was very interesting and very well organized. I met a lot of people and had very interesting discussions all together. You can download the conference materials from here. The paper is located here and the slides over here. […]
Yes, we’re back with more embedded devices vulnerability research! And yes, we’re also back with more security attacks against the BT Home Hub (most popular DSL router in the UK)!
As you know, we encourage folks in the community to team up with GNUCITIZEN in different projects as we’ve had very successful experiences doing so. This time it was Kevin Devine’s turn. […]
Here is the second version of the ZyXEL routers penetration testing paper. This second part of the paper is also fully practical just like the first one. No theory whatsoever, but rather real juicy attacks, which is what we pentesters/whitehats are interested in (after all, we need to be aware of what the bad guys can do)! Unlike the first part of the paper, this one focuses more on attack techniques rather than newly-discovered vulnerabilities. […]
Help us create the best hacking reference/manual/book ever made. We provide the scene, the resources and the money, and you keep the credits and the control over the eventual profits. Read on.
During the next couple of months we are open for your submissions. The idea is to harvest the knowledge of the crowds in order to create the best hacker manual ever made. The process is very simple. […]
We were honored to be guests of Paul and Larry on PaulDotCom Security Weekly - the best security podcast on the Web.
The show was rather long, about 2 hours, but we’ve discussed many interesting things. Please mind the quality on Adrian’s and especially my side of the audio stream. I used a very crappy headset, which was the cause of all sorts of problems. […]
Hacking is not only about coming up with interesting solutions to problems, but also about exploring the unknown. It was this drive-for-knowledge philosophy that led to surveying a significant sample of the Internet, which allowed us to make some VERY interesting observations and get an idea of the current state of remote SNMP hacking.
Why SNMP?
2.5 million random IP addresses were surveyed via SNMP. Why SNMP, you might be asking? Well, there are several reasons. […]