Camera

From: Yvan Boily (yboily@seccuris.com)
Date: Tue May 04 2004 - 22:50:34 EDT


Pen test complete. Product was completely misrepresented. The camera
configuration is stored on the computer. Took less than 10 minutes of
analysis to determine that the software was storing the authentication
information in a database on the system. Authentication credentials are
stored in a username and md5 password pair. The access database did not
have any protection mechanisms. The database had a default administrative
account which lasted 4 tries from my precomputed dictionaries.

All in all, a sorry state of affairs, and not a serious contender for
integration of monitoring for infosec and physical security.

Regards,

Yvan Boily
Information Security Analyst
Seccuris
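
Added example, not part of the original post or of the tested product's code: the post reports credentials stored as a username and bare MD5 pair that fell to precomputed dictionaries. This Python sketch sets that storage scheme beside a per-account salted scrypt record and adds an audit check for fields that look like unsalted MD5. All function names, the record format and the cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# scrypt cost parameters: assumed values for this example, tune per deployment.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def legacy_md5_record(password: str) -> str:
    """Storage as described in the post: bare, unsalted MD5 of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hardened_record(password: str, salt: Optional[bytes] = None) -> str:
    """Random per-account salt plus a memory-hard KDF, kept in one field."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters, compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, key_hex = record.split("$")
        if scheme != "scrypt":
            return False
        expected = bytes.fromhex(key_hex)
        actual = hashlib.scrypt(password.encode("utf-8"),
                                salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p),
                                dklen=len(expected))
    except ValueError:  # malformed record or invalid parameters
        return False
    return hmac.compare_digest(actual, expected)


def is_unsalted_md5(stored: str) -> bool:
    """Audit helper: flag a field that is just a 32-hex-digit digest."""
    return re.fullmatch(r"[0-9a-fA-F]{32}", stored) is not None


if __name__ == "__main__":
    pw = "constructed-sample-pw"  # constructed sample value, not from the post
    # Same password gives the same MD5 on every account, so one table fits all.
    print(legacy_md5_record(pw) == legacy_md5_record(pw))
    # Salted records differ per account, so a precomputed table does not apply.
    print(hardened_record(pw) != hardened_record(pw))
```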



