@hdmoore recently published video conferencing weaknesses in a 1hr webcast. It's kinda interesting, but not that much: even though it's a real threat, it's not a new one. Here is why (this is just a summary; for the full details, refer to the source).
What is affected? How to test?
1. Auto-answer systems (enabled by default on Polycom). Can be tested using a Metasploit module. [1]
2. Vulnerable VC systems (only LifeSize systems have an exploit). Can also be tested using [2].
3. Default or no passwords. Some vendors, like Tandberg, have a no-password vulnerability. Patches are already released. [3]
As you can see, the only thing unique above is "auto-answer", which is what the NYT primarily talks about in the article.
What's the impact?
1. Access the VC systems, use the camera to pan, zoom, etc.
2. Access the admin interface (web-based UI) to basically control the whole system.
3. Read passwords, listen to conversations, record from a distance.
What was found in the survey done by hdmoore?
1. Out of a random 3% of IPs on the internet, 250,000 had port 1720 (the H.323 port) open; of these, 5,000 systems had auto-answer.
2. Major vendors: Polycom, LifeSize, Tandberg, Codian, Sorenson.
How to protect?
1. Disable auto-answer
2. Firewall the system
3. Change default passwords
4. Apply patches
5. Enable logging.
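One way to verify step 2 ("Firewall the system") from outside your own network, added here as an example and not taken from the webcast or from Rapid7: it tries a TCP connection to port 1720 on each endpoint you own and separates open from closed and filtered. The inventory addresses are constructed placeholders from the documentation range, and the function names are assumptions of this example.

```python
import socket

H323_PORT = 1720  # H.323 port named in the survey above


def check_h323_exposure(host, port=H323_PORT, timeout=2.0):
    """Classify one TCP connect attempt against an endpoint you own.

    open       - handshake completed: the port is reachable from here
    closed     - host answered with a reset: reachable, nothing listening
    filtered   - no answer or unreachable: consistent with a firewall drop
    unresolved - the hostname in the inventory does not resolve
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "unresolved"
    except OSError:  # timeouts, no route to host, network unreachable
        return "filtered"


def audit(endpoints, timeout=2.0):
    """Return ({endpoint: state}, sorted list of endpoints still open)."""
    results = {ep: check_h323_exposure(ep[0], ep[1], timeout) for ep in endpoints}
    exposed = sorted(ep for ep, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Constructed inventory: replace with the public addresses of your own
    # video conferencing units and run this from an external vantage point.
    inventory = [("192.0.2.10", H323_PORT), ("192.0.2.11", H323_PORT)]
    results, exposed = audit(inventory)
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port} {state}")
    if exposed:
        print("Still reachable on the H.323 port, firewall these:", exposed)
```

A "closed" result still means the host itself is reachable from outside, so only "filtered" confirms the firewall is dropping traffic to that port.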
These excerpts were taken from the webcast presented by Rapid7; you can access it here (1hr long): http://www.rapid7.com/resources/webcast-boardroom.jsp.
Ref:
[1]: http://metasploit.com/modules/auxiliary/scanner/h323/h323_version
[2]: http://www.metasploit.com/modules/exploit/unix/http/lifesize_room
[3]: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111109-telepresence-c-ex-series