Dumping the admin password of the BT Home Hub

So BT added a new security feature in the latest version of the BT Home Hub firmware (6.2.6.E at time of writing) which changes the default admin password from admin to the serial number of the router. From the BT Support and Advice site:

When I first noticed this new feature I thought it was quite cool and definitely a good move from BT. [...]

posted by Adrian 'pagvac' Pastor

Tomorrow’s Malware

My favorite tech quote is from Giorgio Maone. It goes like this: If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, the Web is already a huge executable platform, and we should start thinking of it this way, from a security perspective.

Part of my job at GNUCITIZEN is to spot trends. [...]

posted by pdp

CONFidence 2008

CONFidence was great! We would like to thank Andrzej, Anna and everybody else in the CONFidence team for making this event one of the greatest experiences of a lifetime. Thanks again. We are looking forward to the next event. :)

There were many interesting presentations. We’ve tried to attend all of them although it was really hard to do so when the weather in Krakow was so nice (very different from the weather conditions in cloudy/rainy London). [...]

posted by pdp

Agile Hacking: a homegrown telnet-based portscanner

So here is the scenario: the attacker has limited access to a box and he/she needs to perform a portscan from it. However, he/she does not want to download any tools to the target system. There might be various reasons for not wanting to upload a portscanner to the box. Perhaps, the attacker wants to minimize the footprint. [...]

posted by Adrian 'pagvac' Pastor

Browser, mount that folder, thank You!

This is the stuff that everyone who has poked at the browser or the client side lately would like to hear about. Behold File I/O, the W3C spec for local file access.

Here is a description of what it does. The interesting part of the text below is outlined in bold:

I wonder which folder the typical user will select. Hmmm, the Desktop, My Documents? And where are all these interesting files? Mac OS X user, you’ve got a problem. Don’t mount the desktop. [...]

posted by pdp

QuickTime 0day for Vista and XP

A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.

Because we are an information security think tank and because we encounter some very interesting vulnerabilities in our work, we often share our findings with the masses in order to give something back to the community. [...]

posted by pdp

Reverse Shell with Bash

I am stuck at the Dubai International Airport and I have nothing else interesting to do. So, I thought I might share a simple technique which will go into the Agile Hacking project. Here I will show you how to create a reverse command shell without using 3rd-party tools such as the almighty netcat. Please read on!

When pentesters compromise a machine they often need to provide themselves with user-friendly access to the system. This is where command shells come into play. [...]

posted by pdp

Default key algorithm in Thomson and BT Home Hub routers

Yes, we’re back with more embedded device vulnerability research! And yes, we’re also back with more security attacks against the BT Home Hub (the most popular DSL router in the UK)!

As you know, we encourage folks in the community to team up with GNUCITIZEN in different projects as we’ve had very successful experiences doing so. This time it was Kevin Devine’s turn. [...]

posted by Adrian 'pagvac' Pastor

Hidden

Here is the story. The other day I was messing with some crypto. After going through some pretty interesting stuff, I’ve suddenly realized something which is very, very obvious when you think about it. Indeed, obvious and simple things are harder to grasp. It is a paradox, I know.

It is yet another case of security technologies being used for criminal purposes. Let’s take HTTPS as an example. [...]

posted by pdp

Kiosk Hacking: When there is nothing else left

In the tiger team operations we have been involved with, I often end up hacking through the least interesting systems. If you ask AP, a password-cracking ninja and master of hacking through simplicity, the less interesting the system is, the higher the chances that it is insecure. Successful exploitation of these systems often leads to successful exploitation of the network and other adjacent systems. [...]

posted by pdp