Archive for the 'Network Security' Category

Multiple Vulnerabilities in ALL Synology Products

In an earlier post to my personal blog as well as to this blog, I enthusiastically recommended the Synology CS407 NAS as a data storage/backup platform. I am now taking that recommendation back.

Let me just say this: it seemed like a good choice at the time, and, if I could have trusted the vendor to deploy the software on it properly, it might still be. Here is a short summary of some of the issues I found:

Table of Vulnerability Exposure for Synology Products

You can skip to the full report here: A Security Audit of the Synology Disk Station Manager (DSM) v2.0-0590 Firmware.

What follows is a complete retelling of how I got here, sort of a lesson in vulnerability disclosure (not so much discovery, you’ll see why). It’s not pretty, I didn’t do all the right things, and it’s kind of long.


Attacks on BitTorrent

Many media companies are paying big money to try to stop file sharing of copyrighted material. While the material in question is being shared illegally, many of the techniques these companies employ affect everyone by generating a great deal of additional Internet traffic. In this presentation I present research into some new techniques currently being used to attack BitTorrent swarms and the prevalence of these attacks.

BitTorrent Presentation

Detecting Botnet Membership

More and more often we hear about botnets being responsible for a larger piece of Internet crime today. Botnets are complex systems and there are many different approaches to combating the problem. I decided to take a look at some of the more recent techniques to discover bot malware infection from network traffic. I came across two particularly interesting methods of identifying infected machines. One is to look at the most often used command and control technique – IRC channels – and try to determine ‘evil’ channels which provide commands for zombie machines. Another idea is to look for DNS Black List lookups, which may be performed by bots to test that an IP address is not listed before using it to send spam. Attached is a short presentation I gave for the ISIS computer lab.

Botnet Membership Detection within the Network