Feeds

Fifteen zero days found in hacker router comp romp

Four routers rooted in SOHOpelessly Broken challenge

Beginner's guide to SSL certificates

Defcon 22 Researchers have unveiled 15 zero day vulnerabilities in four home and small business routers as part of the SOHOpelessly Broken hacker competition in DEF CON this week.

Four of the 10 routers offered for attack including the ASUS RT-AC66U; Netgear Centria WNDR4700; Belkin N900, and TRENDnet TEW-812DRU were fully compromised.

Those devices allowed attackers to execute privileged commands through holes found on updated firmware.

Blood was also splattered from an Actiontec Electronics router sold by Verizon, which was not on the original hit list but was nonetheless accepted by competition organisers.

The Linksys EA6500; Netgear WNR3500U/WNR3500L; TP-Link TL-WR1043ND; D-Link DIR-865L, and the Electronic Frontier Foundation's Open Wireless Router firmware were either untested or emerged unscathed.

Tripwire researcher and SOHO router fiend Craig Young reported 11 of the 15 flaws uncovered during the competition.

Some vendors had already patched the zero-day flaws but failed to do so on the specific models nominated for attack during the competition, a failure said to be common across small home or office router spruikers.

In January, backdoors were found across routers from manufacturers including Cisco, Netgear and Diamond.

And last year, competition organisers Independent Security Evaluators discovered flaws ranging from severe to benign in 13 popular routers from the likes of Linksys, NetGear and Belkin, 11 of which could be hijacked from a wide area network. All routers were updated at the time of the tests.®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?