Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Multiple Security Products like UTMs, Firewalls, VPN Solutions found Vulnerable

hypnosec (2231454) writes | about a year and a half ago

Security 0

hypnosec (2231454) writes "Most of the security appliances in use today ranging from software based firewalls to Unified Threat Management (UTM) systems and email and web gateways are packed with serious security vulnerabilities it has been revealed. According to Ben Williams of NCC Group, security appliances sold by different vendors and used in production environments are based on Linux with outdated or old kernel versions that are vulnerable to some or other kind of exploits. Presenting the findings at the Black Hat Europe 2013 security conference, Williams revealed that on top of the not so properly maintained Linux, even the web applications that provide the front end aka GUI for the appliance are insecure. As detailed in his whitepaper some of the common vulnerabilities found in almost all products were inability to protect against brute-force password cracking attempts; cross-site scripting flaws; cross-site request forgery; command injection vulnerabilities and privilege escalation."
Link to Original Source

cancel ×


Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>