Home page logo
/

dailydave logo Dailydave mailing list archives

Managing that Dam from behind a VPN is best practices!
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 09 Sep 2013 12:28:44 -0400

This is the release notes from the latest VulnDisco pack:
"""
New modules in this release:

vd_cdatahub - [0day] Cogent DataHub DoS
vd_cdatahub2 - [0day] Cogent DataHub DoS
vd_cdatahub3 -  [0day] Cogent DataHub file overwrite
vd_cdatahub_ver - [Tool] Get version of Cogent DataHub
vd_cdatahub_clstat - [Tool] Get status of Cogent DataHub clients

Also available our old exploit from Vulndisco Step-Ahead program,
available since 2011:
vd_adobe_fp_osx - Flash Player < 11.7.700.169 exploit (OSX)

"""

Generally with SCADA software finding bugs is a matter of simply typing. That's actually something you hear at Immunity 
a lot, when a problem is known to be trivial to do, but still require work, we just call it "typing". That said, the 
hard part with random SCADA software is usually getting it, installing it, and trying to make it work like it should 
work. The easy part is owning it. 

Luckily for most users of SCADA software, they've followed best practices and hidden their SCADA management stuff 
behind VPNs so nobody can get to it from the Internet. . . .Wait a minute 
<http://torrentfreak.com/nsa-can-spy-on-vpn-traffic-and-other-encrypted-communication-130906/>.... :>

-dave

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
  • Managing that Dam from behind a VPN is best practices! Dave Aitel (Sep 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]