Archive for the 'Press Release' Category

Summer InfoSec Video/Study Group

This summer the ISIS Lab will be hosting a weekly Information Security Video/Study Group every Wednesday from 6:30pm until people get bored (probably ~8-9pm).

I’ll show up in the lab and hook up our gigantic LCD TV to show a different video each week and host a discussion. Afterwards, I’ll do a review of each meeting on this blog. We will default to a FreeBSD Kernel Internals DVD course if no other videos are suggested (I need to brush up on my Operating Systems). If you have a specific video you’d like to see/discuss from Defcon, ShmooCon, HITBSecConf, Blackhat, RECon, or elsewhere, then please suggest watching it!

Meetings will take place in the ISIS Lab (Room 219) located in Polytechnic University. The street address is 6 Metrotech Center, Brooklyn, NY 11201. If you’re not a regular, then I’m going to need to sign you in, so call the lab phone at (718) 260-3986 when you get here (regulars get the sekret c0deword). I’ll keep a bunch of menus in the lab and we’ll make an order for takeout shortly after everyone gets here.

This event is open to the public (duh) so please invite your friends. Send all comments, suggestions or videos you’d like to watch to me, Dan, at dguido@gmail.com.

The first meetup is this Wednesday, May 14th. See you there!

Add this event and others to your calendar: ISIS Meetings.

Multiple Vulnerabilities in ALL Synology Products

In an earlier post to my personal blog as well as to this blog, I enthusiastically recommended the Synology CS407 NAS as a data storage/backup platform. I am now taking that recommendation back.

Let me just say this: it seemed like a good choice at the time, and, if I could have trusted the vendor to deploy the software on it properly, it might still be. Here is a short summary of some of the issues I found:

Table of Vulnerability Exposure for Synology Products

You can skip to the full report here: A Security Audit of the Synology Disk Station Manager (DSM) v2.0-0590 Firmware.

What follows is a complete retelling of how I got here, sort of a lesson in vulnerability disclosure (not so much discovery, you’ll see why). It’s not pretty, I didn’t do all the right things, and it’s kind of long.
