This is Sergey Shekyan's Typepad Profile.
Sergey Shekyan
Web Security Enthusiast
Recent Activity
CVE-2014-1849 Foscam Dynamic DNS predictable credentials vulnerability
Date Published: 05-08-2014
Class: Design error
Remotely Exploitable: yes
Vulnerability Description: Foscam IP camera vendor provides a Dynamic DNS (DynDNS) service. Every Foscam camera has a preassigned FQDN of xx####.myfoscam.org format, where 'x' is an alphabetic ASCII character and '#' is a digit.... Continue reading
Yesterday I released another version of SlowHTTPTest, that includes all the performance fixes that were sitting in the repository since last year, as well as:
- CLI got funny colors and less scrolling for better perception
- HTML reports look prettier
- Help screen is finally readable
I tested it... Continue reading
Posted Nov 26, 2013 at Another Security Blog: Sergey Shekyan
As of today, this page should crash any WebKit-based application that uses the CoreText font rendering framework on iOS or OSX 10.8.4 Continue reading
Posted Aug 28, 2013 at Another Security Blog: Sergey Shekyan
While working on a presentation about IP cameras, Artem crafted a handy shell script that searches for active IP cameras by going over the camera vendor's DNS records. The result was some handy numbers, as well as information on how people are using the camera-vendor-provided DDNS service. Last week I was... Continue reading
Posted May 20, 2013 at Another Security Blog: Sergey Shekyan
To support the presentation about controlling IP cameras all over the world, we'll try to share some details on what the getmecamtool is doing and how to make it work. getmecamtool is a tool-set to manipulate software of Foscam FI8910W, FI8908W, FI8909W and their clones. It has the following components:... Continue reading
Posted May 20, 2013 at Another Security Blog: Sergey Shekyan
Last year I was lucky enough to attend the Hack In The Box security conference in Amsterdam. Dhillon and the rest of the organizers put on a great event and since then I was eager to return. Subject line of this post is the title of the talk that we are going... Continue reading
Posted Mar 16, 2013 at Another Security Blog: Sergey Shekyan
About 40 minutes before our WebSocket presentation at BayThreat I decided to do the final dry run. The slide with the stack trace of crashed desktop Safari caught my attention and I re-checked if there is still a problem. While current OSX Safari was fixed and I removed the slide, I decided... Continue reading
Cross-posted from Qualys Security Labs Following the release of the slowhttptest tool with Slow Read DoS attack support, I helped several users test their setups. One of the emails that I received asked me to take a look at test results of the slowhttptest tool. According to the report, the... Continue reading
Cross-posted from Qualys Security Labs Imagine a line at a fast food restaurant that serves two types of burgers, and a customer at the cashier is stuck for a while deciding what he wants to order, making the rest of the line anxious, slowing down the business. Now imagine a... Continue reading
Cross-posted from Qualys Security Labs Slow HTTP attacks are denial-of-service (DoS) attacks in which the attacker sends HTTP requests in pieces slowly, one at a time to a Web server. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources... Continue reading
Cross-posted from Qualys Security Labs Following the release of the slowhttptest tool, I ran benchmark tests of some popular Web servers. My testing shows that all of the observed Web servers (and probably others) are vulnerable to slow HTTP attacks in their default configurations. Reports generated by the slowhttptest tool... Continue reading
Cross-posted from Qualys Security Labs Slow HTTP attacks are denial-of-service (DoS) attacks that rely on the fact that the HTTP protocol, by design, requires a request to be completely received by the server before it is processed. If an HTTP request is not complete, or if the transfer rate is... Continue reading
Cross-posted from Qualys Security Labs Slow HTTP attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its... Continue reading