SEARCH RESULTS
 
Showing 1-10 of 10 records
1
 
Expand article

Dumb Luck IS a Strategy!

2008-09-18 09:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...telnet with a guessable password OR a telnet vulnerability (circa 1994 an exposed VPN appliance with a manufacturer's administrator password a router with default "enable" password or, something else entirely - but something that rivals the above example in its unparalleled, unbelievable, abysmal, deep idiocy Indeed, many of my pentesting...
 
Tags: dumb luck, dumb luck strategy, security, security countermeasures, security professional, security program, risk, obvious huge risk, password
 
 
 
 
Expand article

Cross Site Printing: Printer Spamming

2008-01-09 22:16:31 by Editor in Help Net Security - Articles
 
Many network printers listen on port 9100 for a print job (RAW Printing or Direct IP printing). You can telnet directly to the printer port and enter text. Once you disconnect from the printer it will
 
Tags: printer, port, printer port, enter text, print job, telnet directly, network printers, direct, disconnect
 
 
 
 
Expand article

Process Doubling

2008-01-27 22:44:57 by RSnake in ha.ckers.org web application security lab
 
...telnet or something else for back and forth real-time communication. We already have root access, so its easy enough to start and stop the process. Its also fairly easy with some programming to create a switch in the code, to look for a different string and jump into a different mode. It could be a clever way around a fairly complex set of...
 
Tags: web server, fairly complex set, set, fairly straight forward, egress, fairly easy, fairly common occurrence, easy, firewall egress
 
 
 
 
Expand article

Fun Security Reading - 3

2008-05-15 14:11:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...telnet and modems (no shit Rich Mogul drop-kicks GRC . Then kicks it in the balls . Then steps on it . Fun read, for sure Did somebody just utter "ROI"? Yeah - and that means katana blades sharpened, flamethrowers charged, pet trolls enraged :-) Yes, the beast is back - with a vengeance. Bruce Schneier hits it with +5 Flaming Blade, it...
 
Tags: security, fun security, security efficiency, data security compromise, fun, security chasm, risk, people perceive risk, academic security
 
 
 
 
Expand article

Cloud This, Cloud That...

2008-05-20 18:48:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...telnet as 'root' without any password" (this is where web security stands today , pretty much Second, can you make sure that only you will see the sensitive data (or even regulated data: PHI, credit cards, passwords, financials, etc)? Maybe, if you take care of it . As Mike R puts it : "Basically, you can't be sure anything is secure in the...
 
Tags: cloud, cloud based services, cloud based-services, in-the-cloud service, service, cloud provider screws, cloud provider, security, control physical security
 
 
 
 
Expand article

Minimizing the Attack Surface, Part 1

2008-06-24 19:09:34 by Chris Eng in Zero in a bit
 
...telnet on tcp/23 or ftp fon tcp/21. Others left you wondering, what the heck is listening on tcp/515 or tcp/7100? And remember, you couldnt ask Google because it didnt exist (well, maybe it did depending on when you got into security Your first real lesson about locking down a host was how to reduce its attack surface. You learned how to...
 
Tags: attack surface, custom web applications, web, services, prevent unnecessary services, unnecessary services, security, third-party libraries, fix security holes
 
 
 
 
Expand article

Virtualisation - Welcome Back to the 90s.

2008-07-03 06:37:00 by Allen Baranov, CISSP in Security Thoughts
 
...telnet (shell accounts), ftp and apache. All on the same box Security wasn't so tight in those days but it was usually good enough and the box could happily do what it needed to do Along came Microsoft and produced the idea of "one box - one service". You can't seriously consider running your domain controller as a file server. What are you...
 
Tags: server, file server, server box, box, mail server, mail, multiple applications, multiple, sql server
 
 
 
 
Expand article

Monetizing Infected Hosts by Hijacking Search Results

The Article has images
2008-10-02 07:33:00 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...telnet service on an infected host With the search queries feature easy to duplicate by other kits, this web based malware is a great example of how the time-to-market mentality lacking any kind of personal experience -- the malware cannot intercept SSL sessions compared to the majority of crimeware kits that can -- ends up in a weird hybrid...
 
Tags: malware, web based malware, kits, author simply, author, crimeware kits, intercept ssl sessions, product concept mentality, queries feature easy
 
 
 
 
Expand article

Hackers Jailbreak T-Mobiles And Googles Android Phone

2008-11-06 00:35:13 by CyberInsecure in CyberInsecure.com
 
Hackers have managed to jailbreak T-Mobiles new G1 phone by exploiting a gaping loophole in Android, the open source operating system supplied by Google. The hack, which was posted to XDA-Developers forum, is a straight-forward process that allows root access in about one minute. It involves using the widely available PTerminal application to...
 
Tags: jailbreak t-mobiles, pterminal application, android, xda-developers forum, root access, phone, hackers, google, source
 
 
 
 
Expand article

Credit for Researchers

2008-11-13 19:40:18 by Chris Wysopal in Zero in a bit
 
...telnet NTLM authentication vulnerability Riouxs advisory has a great description of the credential relay and cracking weaknesses. I have talked to him and he says he discovered these problems independently, but he didnt find them first. Dominique Brezinski published exactly these NTLM vulnerabilities in the SMB prot