twistedmoney99 - Slashdot User

Submission + - Owning a wireless camera, its user and its network (informit.com)

Submitted by twistedmoney99 on Saturday September 15, 2007 @08:54AM

twistedmoney99 writes: InformIT has posted a two part article by Seth Fogie that describes how a wireless IP camera can be owned and abused. The first part describes how the cameras feed can be sniffed, replaced, or even DoSed off the air by a PDA. The second part then takes a look at the web application interface of the camera (an Axis207W) and exposes numerous vulnerabilities that lead to exposed passwords, a software based DoS, global XSS — and the kicker — a CRSF attack that through which an attacker can remotely penetrate the network it is installed on.

Submission + - Full-Disclosure Wins Again - How patches are born (informit.com)

Submitted by twistedmoney99 on Wednesday August 15, 2007 @09:12AM

twistedmoney99 writes: The full-disclosure debate is a polarizing one. However, no one can argue that disclosing a vulnerability publicly often results in a patch — and InformIT just proved it again. In March, Seth Fogie found numerous bugs in EZPhotoSales and reported it to the vendor, but nothing was done. In August the problem was posted to Bugtraq, which pointed to a descriptive article outlining numerous bugs in the software — and guess what happens? Several days later a patch appears. Coincidence? Probably not considering the vendor stated "..I'm not sure we could fix it all anyway without a rewrite." Looks like they could fix it, but just needed a little full-disclosure motivation.

Slashdot Top Deals