Don’t Use Linksys Routers

Today I am publishing 5 Linksys router vulnerabilities so that consumers may be aware of the risks.
linksys vulns.txt

via Don’t Use Linksys Routers « Superevr.

I run a WRT54GL on my network but installed Tomato on it because I never liked the Linksys GUI and wanted to try out Tomato. Here’s his take on the WRT54GL:

1. Linksys WRT54GL Firmware Upload CSRF Vulnerability
I demonstrate Cross-Site File Upload in my BlackHat and AppSec USA talks. If you need more info on the vector itself, check out How to upload arbitrary file contents cross-domain by Kotowicz.

I suspect these kinds of exploits exist in all consumer-grade routers.
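The vector above works because the router’s firmware upload form accepts any POST that arrives with the admin session cookie, regardless of which site issued it. As an added example (not code from the linked post or from Linksys), here is the server-side check a firmware upload handler would need: the request’s Origin (or Referer) must name the router itself, and the form must carry a per-session token compared in constant time. The admin address 192.168.1.1, the session dictionary and the request shapes are assumptions for the demo.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical LAN address of the router's admin interface (assumption for the demo).
ADMIN_HOST = "192.168.1.1"


def issue_csrf_token(session):
    """Bind a fresh random token to the admin session; the upload form embeds it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers):
    """Reject cross-site requests: Origin (or, failing that, Referer) must name the
    router. A request carrying neither header is refused, because a browser-issued
    form post from another site always sends at least one of them."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).hostname == ADMIN_HOST
    return False


def firmware_upload_allowed(headers, form, session):
    """Defence in depth: both the origin check and the session token must pass."""
    if not origin_allowed(headers):
        return False
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not isinstance(supplied, str):
        return False
    # Constant-time comparison so a mismatch does not leak where it differs.
    return hmac.compare_digest(expected, supplied)


def demo():
    """Constructed sample requests: a legitimate upload from the admin page, and a
    cross-site post that arrived with the victim's cookies but no token."""
    session = {}
    token = issue_csrf_token(session)
    legit = ({"Origin": "http://192.168.1.1"},
             {"csrf_token": token, "firmware": b"<image bytes>"})
    cross_site = ({"Origin": "http://other.example"},
                  {"firmware": b"<image bytes>"})
    return (firmware_upload_allowed(*legit, session),
            firmware_upload_allowed(*cross_site, session))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The token check alone already defeats the forged upload; the origin check is kept as a second layer because it also catches a token that has leaked into a page the attacker can read.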

OpenDaylight SDN Group Breaks Cover

The OpenDaylight members plan to work on a standardized SDN controller and develop OpenDaylight APIs that sit between the controller platform and the network applications and user interfaces. The common, open source platforms will be developed using technology contributed by member companies and utilizing existing industry standards such as OpenFlow.

via Light Reading – OpenDaylight SDN Group Breaks Cover.

Closing the gap to improve the capacity of existing fiber optic networks

The research team, which included Professor Arthur Lowery and Dr Liang Du of the Monash Department of Electrical and Computer Systems Engineering and Jochen Schroeder, Joel Carpenter and Ben Eggleton from the University of Sydney, managed to transmit a signal of 10 terabits per second (Tb/s) more than 850 km (528 miles) using the new technology.

via Closing the gap to improve the capacity of existing fiber optic networks.

How a banner ad for H&R Block appeared on apple.com—without Apple’s OK

R66T, pronounced “Root 66” and intended as a play on the famous American highway Route 66, describes itself as “one of the nation’s leading publisher of targeted content, information and advertising to private Wi-Fi and High-Speed Internet Access (HSIA) networks, conducting tens of millions of individual user sessions—approaching one-billion user-minutes per month.” The company says that it supports Wi-Fi networks at places like airports, hotels, coffee shops, and malls, often providing free access in exchange for showing “hyperlocal” advertisements.

via How a banner ad for H&R Block appeared on apple.com—without Apple’s OK | Ars Technica.

This might be a good opportunity to mention that everyone should use AdBlock Plus, a plugin available for many web browsers, which will block these kinds of advertisements. Blocking ads is also a good PC security measure, since ads are a vector through which a lot of malware gets delivered.

iPad and file systems: failure of empathy

The easiest decision is no decision. Let’s have two user interfaces, two modes: The easy mode for my mother-in-law, and the pro mode for engineers, McKinsey consultants, and investment bankers. Such dual-mode systems haven’t been very popular so far, it’s been tried without success on PCs and Macs. (Re-reading this, I realise the Mac itself could be considered such a dual-mode machine: Fire up the Terminal app, and you have access to a certified Unix engine living inside)

via iPad and file systems: failure of empathy | Technology | guardian.co.uk.

Google Uses Reputation To Detect Malicious Downloads

Unlike Microsoft’s solution, CAMP attempts to detect locally whether any downloaded file is malicious, before passing characteristics of the file to its server-based analysis system. First, the system checks the binary against a blacklist, in this case Google’s Safe Browsing API. If that check returns no positive result and the file has the potential to be malicious, CAMP will check a whitelist to see if the binary is a known good file.

via Google Uses Reputation To Detect Malicious Downloads – Dark Reading.

CAMP’s 99-percent success rate trounced four antivirus products, which individually only detected at most 25 percent of the malicious files and collectively detected about 40 percent, the researchers stated.
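The excerpt describes a three-stage pipeline: a local blacklist hit is final, non-executable files and whitelisted binaries are released locally, and only what survives has its characteristics (not its contents) sent to the reputation service. As an added example (not Google’s code or data), the following sketches that ordering in Python. The hash sets, the extension list, the “seen by N users” table and the threshold of 1000 are all constructed for the demo.

```python
import hashlib
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample files and lists. A real deployment would query the Safe
# Browsing API for the blacklist and vendor data for the whitelist.
KNOWN_BAD = b"MZ\x90\x00constructed-sample-malware"
KNOWN_GOOD = b"MZ\x90\x00constructed-sample-signed-installer"
POPULAR = b"MZ\x90\x00constructed-popular-tool"
BLACKLIST = {sha256_hex(KNOWN_BAD)}
WHITELIST = {sha256_hex(KNOWN_GOOD)}
# Types treated as potentially malicious; anything else is released after the blacklist check.
RISKY_EXTENSIONS = {".exe", ".msi", ".dll", ".scr", ".bat", ".com"}


def classify_download(filename, data, reputation_lookup):
    """Return (verdict, stage) in the blacklist -> whitelist -> server order.
    verdict is 'malicious', 'allowed' or 'warn'; stage says which check decided."""
    digest = sha256_hex(data)
    if digest in BLACKLIST:
        return "malicious", "blacklist"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in RISKY_EXTENSIONS:
        return "allowed", "not-executable"
    if digest in WHITELIST:
        return "allowed", "whitelist"
    # Only now does anything leave the machine, and only file characteristics.
    features = {"sha256": digest, "size": len(data), "name": filename}
    return reputation_lookup(features), "reputation"


def toy_reputation_lookup(features):
    """Stand-in for the server side: a hypothetical table of how many users have
    run each hash. Executables that few users have seen get a warning."""
    seen_by = {sha256_hex(POPULAR): 120_000}
    count = seen_by.get(features["sha256"], 0)
    return "allowed" if count >= 1000 else "warn"


def demo():
    samples = [
        ("update.exe", KNOWN_BAD),
        ("setup.exe", KNOWN_GOOD),
        ("tool.exe", POPULAR),
        ("dropper.exe", b"MZ\x90\x00constructed-never-seen"),
        ("notes.txt", b"MZ\x90\x00constructed-never-seen"),
    ]
    return {name: classify_download(name, data, toy_reputation_lookup)
            for name, data in samples}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The ordering matters for privacy as much as for accuracy: everything a local list can decide never generates a server query, which is the point the article makes about checking locally first.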

Linux Friendly Video Streaming?

For quite some time I just resigned myself to the fact that I’d have to boot into windows or use some other poor method to get my netflix on… then Erich Hoover arrived with a heroic flash to his eye, chin thrust forward and proclaimed, “Do not go gentle into that sudo shutdown -r now! Rage, rage against the needlessness of these cursed reboots!”

Here is how to install the Netflix Desktop App on Ubuntu. Open a terminal and run these commands:
sudo apt-add-repository ppa:ehoover/compholio
sudo apt-get update
sudo apt-get install netflix-desktop

More info here: http://www.iheartubuntu.com/2012/11/ppa-for-netflix-desktop-app.html

via Ask Slashdot: Linux Friendly Video Streaming? – Slashdot.

After Snapchat, Disappearing Messages are Everywhere

Disappearing messages could prove popular beyond social sharing, and could also be profitable, if businesses can be persuaded to pay for the services. Another company, Gryphn, which released a free Android app in February (an iPhone version is coming out shortly), is seeing a lot of interest from paying enterprise users—including hospitals, a police department, and a financial institution.

via After Snapchat, Disappearing Messages are Everywhere | MIT Technology Review.

How long before we have an app that stores these “disappearing” messages at the receiving end?

Rackspace sues “most notorious patent troll in America”

Rackspace’s dispute is with an IP Nav unit called Parallel Iron, which says it has three patents that cover the open source Hadoop Distributed File System (HDFS). But remarkably, Rackspace didn’t even know that at first; IP Nav contacted Rackspace and told the company it infringed some patents while refusing to even reveal the numbers or the owners of the patents, unless Rackspace signed a “forbearance agreement” to not sue first. (Sometimes companies threatened by patent trolls can file a “declaratory judgment” lawsuit, which can help them win a more favorable venue.)

via Rackspace sues “most notorious patent troll in America” | Ars Technica.

Grading Essays at College Level

EdX, the nonprofit enterprise founded by Harvard and the Massachusetts Institute of Technology to offer courses on the Internet, has just introduced such a system and will make its automated software available free on the Web to any institution that wants to use it. The software uses artificial intelligence to grade student essays and short written answers, freeing professors for other tasks.

via New Test for Computers – Grading Essays at College Level – NYTimes.com.