SFS presentation about Synology

This morning I summed up everything that happened with Synology and everything I have continued working on since my previous article was written in a deck of slides at the weekly SFS meeting.

Here is an overview of the items not covered in the previous article:

  • The director of software development at Synology contacted me one business day after my ISIS Blogs post. They have already released a firmware update to fix the most critical issues and came up with an “enhancement” plan (security fixes are not enhancements, but I digress) to fix the rest!
  • I’ve started developing ARM/Linux2.6 shellcode so I can integrate a Synology exploit into Metasploit. First try: virtualize the firmware inside of qemu. Failed. Second try: install gcc directly on device. So far so good.
  • I wrote an FTP request module for Sulley to fuzz the FTP server Synology is using. I haven’t been able to use it yet because I hit the built-in connection limit on the FTP server and it starts ignoring me. That is a project for another day.

See the entire deck of slides here: http://cryptocity.net/archive/synology_presentation.pdf

This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution 3.0 License.
