Reverse Engineering a D-Link Backdoor
Sending the correct User-Agent: string bypasses all auth on several released models of D-Link and Planex routers. Horrific fail by D-Link.
(tags: d-link security backdoors authorization reversing planex networking routers)
The US fears back-door routes into the net because it’s building them too | Technology | The Observer
one of the most obvious inferences from the Snowden revelations published by the Guardian, New York Times and ProPublica recently is that the NSA has indeed been up to the business of inserting covert back doors in networking and other computing kit. The reports say that, in addition to undermining all of the mainstream cryptographic software used to protect online commerce, the NSA has been “collaborating with technology companies in the United States and abroad to build entry points into their products”. These reports have, needless to say, been strenuously denied by the companies, such as Cisco, that make this networking kit. Perhaps the NSA omitted to tell DARPA what it was up to? In the meantime, I hear that some governments have decided that their embassies should no longer use electronic communications at all, and are returning to employing couriers who travel the world handcuffed to locked dispatch cases. We’re back to the future, again.
(tags: politics backdoors snowden snooping networking cisco nsa gchq)
Azerbaijan accidentally publishes the results of its election before the polls open
The mistake came when an electoral commission accidentally published results showing a victory for Ilham Aliyev, the country’s long-standing President, a day before voting. Meydan TV, an online channel critical of the government, released a screenshot from a mobile app for the Azerbaijan Central Election Commission which showed that Mr Aliyev had received 72.76 per cent of the vote compared with 7.4 per cent for the opposition candidate, Jamil Hasanli. The screenshot also indicates that the app displayed information about how many people voted at various times during the day. Polls opened at 8am.
(tags: azerbaijan corruption fix elections voting voter-fraud)
DNS registrars that complied with “shakedown” anti-piracy requests may now be in violation of ICANN Transfers Policy
According to EasyDNS:
Any registrar that has taken one of these sites offline that now impedes the registrants of those domains from simply getting their domain names out of there and back online somewhere else will then be subject to the TDRP – Transfer Dispute Resolution Policy and if they lose (which they will) they will be subject to TDRP fees assessed by the registry operator, and to quote the TDRP itself “Transfer dispute resolution fees can be substantial”. This is why it is never a good idea to just react to pressure in the face of obnoxious bluster – in the very act of trying to diffuse any perceived culpability you end up opening yourself to real liability.
(tags: tdrp easydns dns registrars domains piracy law due-process)
Schneier on Security: Air Gaps
interesting discussion in the comments. “Patricia”’s process is particularly hair-raisingly complex, involving 3 separate machines and a multitude of VMs
(tags: air-gaps security networking bruce-schneier via:adulau)