Sometimes you run into something security-related in the computer industry that’s so stupid it’s hard to believe. Here we go again:
Many routers and other network devices use default or hard-coded SSL keys that can be recovered from the device’s firmware. An attacker could then use the keys to listen in on HTTPS traffic to the administration interface of the device. The database has over 2,000 device keys from vendors including Cisco, Linksys, D-Link and Netgear.
So a group has started a project called littleblackbox that contains a database of devices and their private keys.
Strictly speaking, this isn’t a vulnerability; it’s poor implementation. I’d also venture to say that the impact is not all that great, as typically it only allows sniffing of traffic inside the network. If the attacker is already in control of a PC inside the network, you’ve already got a big problem, and he will have a high rate of success in controlling the network device simply by using default usernames and passwords. There are many databases of these, such as this one.
– on Security Watch
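To check your own devices for the problem described above, you can compare the certificates their administration interfaces present: a certificate served by more than one device means those devices share a private key. The following is an added example, not code from the original post or from the littleblackbox project; the function names, the `known_shared` set and the sample addresses are hypothetical, and the sample certificates are constructed placeholder bytes.

```python
import hashlib
import ssl
from collections import defaultdict


def fetch_pem(host, port=443):
    """Fetch the certificate a device's admin interface presents (no validation)."""
    return ssl.get_server_certificate((host, port))


def fingerprint(pem):
    """SHA-256 over the DER encoding, the usual certificate fingerprint."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def audit(certs_by_host, known_shared=frozenset()):
    """Return {host: reason} for devices whose certificate is not unique.

    certs_by_host: {host: PEM string}
    known_shared:  fingerprints already known to ship in firmware images
    """
    hosts_by_fp = defaultdict(list)
    for host, pem in certs_by_host.items():
        hosts_by_fp[fingerprint(pem)].append(host)

    findings = {}
    for fp, hosts in hosts_by_fp.items():
        for host in hosts:
            if fp in known_shared:
                findings[host] = "certificate matches a known firmware-embedded one"
            elif len(hosts) > 1:
                others = sorted(h for h in hosts if h != host)
                findings[host] = "same certificate as " + ", ".join(others)
    return findings


# Constructed sample data: placeholder bytes stand in for real DER certificates.
FIRMWARE_CERT = ssl.DER_cert_to_PEM_cert(b"constructed-cert-baked-into-firmware")
UNIQUE_CERT = ssl.DER_cert_to_PEM_cert(b"constructed-cert-generated-on-first-boot")
SAMPLE = {
    "192.0.2.1": FIRMWARE_CERT,
    "192.0.2.2": FIRMWARE_CERT,
    "192.0.2.3": UNIQUE_CERT,
}

if __name__ == "__main__":
    for host, reason in sorted(audit(SAMPLE).items()):
        print(host, "->", reason)
```

This compares whole certificates, so a shared key wrapped in a different certificate on each device would not be flagged; catching that requires comparing the public keys inside the certificates.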
Posted on 22 December 2010. Tags: Database, device, keys, network, Private, published