From Security Weekly WikiJump to navigationJump to search
, 19:55, 25 November 2014
#[http://www.infosecurity.us/blog/2014/11/21/all-your-base-are-encrypted "All Your Base] - Eff makes efforts to encrypt the Internet. "The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires." Its true, the barriers to properly implementing and maintaining TLS are huge. The big guys get it right, sometimes. Curious to see what comes next...
#[http://reversemode.com/index.php?Itemid=0&id=80&option=com_content&task=view Reversing Industrial firmware for fun and backdoors I] - Some updates posted here, I wonder if everyone has updated their firmware? Likely not... We seem to lack adequate testing tools, given the nature of embedded systems and how each one is unique. How does your enterprise ensure firmware updates across devices?
#[http://reversemode.com/index.php?Itemid=0&id=77&option=com_content&task=view Reversing DELL's DRAC firmware] - Turns out, this firmware does not use /etc/shadow. This means the backdoorfound is not accessible remotely. Oh well. This happens when you are reverse engineering firmware. You find artifacts, but sometimes they are not used in the production environment. Maybeit was only used in a test environment or another hardware revision. Or sometimes the firmware is copied from a different hardware device and some features are not implemented.
== Larry's Stories ==