John Matherly of SHODAN fame and Dan Tentler from Aten Labs teamed up to research the DD-WRT information disclosure vulnerability we released back in December. The results show that approximately 10% of remotely accessible DD-WRT routers were both vulnerable to the attack and could be geo-located based on the information… Continue reading
When you’re setting up a device for testing, sometimes you need to set up a DNS server. And when you do, you don’t want to be messing around with DNS configuration files. MiniDNS is a very simplistic DNS server that responds to all DNS queries with a single IPv4 address…. Continue reading
Version 0.1.2 of LittleBlackBox was released last night. In addition to a new list of private SSL keys added to the database and some minor bug fixes, we’ve introduced a couple new features: Ability to update SSL key database to the latest SVN check-in. This keeps you up to date… Continue reading
No, this is not some new SSL vulnerability. In fact, it’s a really old vulnerability, as old as cryptography itself: keep your secret keys secret. A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs,… Continue reading
We’ve just released a new version of Binwalk, our open source firmware analysis tool. This release features new firmware signatures and a huge speed increase; scan times for large firmware images went from ~12 hours to less than a minute! Download Binwalk here.