Tuesday, March 24, 2009

When Security Devices are Exploitable…

I can't resist connecting this bit of info from  Security and Attack Surfaces of Modern Applications (Via Gunnar Peterson)

So, today’s Firewall is:

  • A Multi-Protocol parsing engine
  • Written in C
  • Running in Kernel space
  • Allowed full corporate network access
  • Holding cryptographic key material

…and still considered a security device?

With Stealth Router-based Botnet Discovered (via Cybersec).

...the first known botnet based on exploiting consumer network devices, such as home routers and cable/dsl modems.

When security devices are exploitable…

1 comment:

  1. Not mine, buddy!

    Mine is written in PHP! It also dynamically retrieves updates by including remote HTML files obtained through tor exit nodes of questionable repute, and stores the information in a mysql database, uses md5 certificates, and allows root login!

    I call it the Secure Updatable ChecKer