Cisco SSH key bug in virtual security appliances leads to some questions
Published in News

Cisco has acknowledged (and released patches for) a fairly serious security bug in three of their virtual appliances that, oddly enough, are related to security. The three products in question are the Cisco Web Security Virtual Appliance, the Email Security Virtual Appliance and the Security Management Virtual Appliance. These three devices all share a default preinstalled SSH encryption key. This meddlesome little fact means that it is very simple to get into an SSH session because you can grab the key off of another copy of the product. We are pretty sure that the default keys are already floating around on the internet somewhere as well.

New Browser Based Flaw Leaks VPN Users' IP Addresses
Published in News

Privacy on the internet is a hard thing to achieve. For starters there are tons of companies that are very interested in what you do and where you go online so they can get you to buy things. On top of that there are the spying eyes of the government watching to make sure you are not a bad guy and storing all of this data in massive warehouses. This mass data collection seems to exist in every single device we own; from laptops to phone to smart TVs. It is enough to make someone paranoid, or at least to look for some form of privacy when connected to the internet.

The P0wn2Own competition is getting s sibling. Now we are not talking about the competition sponsored by Google or even Microsoft. We are talking about a knockdown drag out competition to hammer the (lack of) security in residential and SOHO routers. The competition will be called SOHOpelessly Broken and will kick off at DEF CON 22 this year. Interestingly enough it is sponsored by the Electronic Frontier Foundation (EFF) and Independent Security Evaluators (ISE).