We were honored to be guests of Paul and Larry on PaulDotCom Security Weekly - the best security podcast on the Web.
The show was rather long, about 2 hours, but we discussed many interesting things. Please mind the quality on Adrian’s and especially my side of the audio stream. I used a very crappy headset, which was the cause of all sorts of problems. [...]
Hacking is not only about coming up with interesting solutions to problems, but also about exploring the unknown. It was this drive-for-knowledge philosophy that led to surveying a significant sample of the Internet, which allowed us to make some VERY interesting observations and get an idea of the current state of remote SNMP hacking.
Why SNMP?
2.5 million random IP addresses were surveyed via SNMP. Why SNMP, you might be asking? Well, there are several reasons. [...]
I was asked to give a 30-minute introductory presentation on client-side security issues. Although the presentation is very basic and high-level oriented, as it was designed to serve as an overview rather than as an in-depth analysis, I thought that, still, someone may find it useful or may use it in their own work.
The PDF, PPT and ODT files are attached at the bottom. Let me know if it works for you.
First of all I need to let you know that it is not within our practice to disclose vulnerabilities on specific online applications. However, given the fact that Pownce, the vendor, was responsibly informed and the fact that we believe that the issue is interesting enough to be discussed, we’ve decided to let you know about our findings. [...]
Remember the article about call jacking with the BT Home Hub? Here is something comparable but pretty new. Since Ronald and pdp had announced the router hacking challenge, I’ve decided to play around a little bit and as a result I’ve managed to find a rather interesting issue. Although not directly related to the router hacking contest, the results I’ve got were rather disturbing and made me get a totally new view on the VoIP phone security landscape. [...]
We want you to hack your router! Yes, You. We want you to hack your router and make your findings public on this very same page, the sla.ckers forum or at hackerwebzine[at]gmail[dot]com. The best and most interesting hacks will receive credit, a lot of attention and good media coverage.
The challenge is supposed to run from 2nd February until 29th February, though it is something that is yet to be clarified because we know that there is a lot to be found. [...]
OK, this is a bit of a funny attack - although it could also be used for criminal purposes! After playing with the BT Home Hub for a while (again!), pdp and I discovered that attackers can steal/hijack VoIP calls. Let me explain …
In summary, if the victim visits our evil proof-of-concept webpage, his/her browser sends an HTTP request to the BT Home Hub’s web interface. [...]
With great power comes great responsibility, but those with great power usually aren’t that responsible. Nevertheless, we try to be as responsible as we can. In the following post, ap (Adrian Pastor; pagvac) and I (pdp) are going to expose some secrets, which may make you question our values at first, will definitely make you feel worried about “Why is all this possible?”, and may even make you hate us in your guts for what we have done. [...]
It’s known that UPnP is inherently insecure for a very simple reason: administrative tasks can be performed on an Internet Gateway Device (IGD) without needing to know the admin password whatsoever! This on its own is quite scary and I personally feel that although there is some research in the public domain, there is much more attention that needs to be paid to UPnP.
UPnP allows you to perform administrative functions. [...]
I was invited to co-author Google Hacking for Penetration Testers Second Edition with some of the greatest minds of enumeration gathering attacks and Google Hacking.
…from the book excerpt: