NNSquad - Network Neutrality Squad
[ NNSquad ] Shared private key can apparently compromise RuggedCom SCADA gear
Shared private key can apparently compromise RuggedCom SCADA gear http://j.mp/O6UCpX (Digital Bond) "Justin Clarke and ICS-CERT unveiled another vulnerability in RuggedCom devices yesterday. This time, Justin took a different track with the device firmware and showed that all products use the same SSL private key, hard-coded in the firmware. This is fairly typical in cheap consumer-grade embedded products, and has the unfortunate effect that easy Man-In-The-Middle attacks can be performed against products. For example, any compromised host on the switch management network can be used to spoof affected RuggedCom switches, meaning that the bad guy or gal could capture legitimate usernames and passwords for the switch." - - - --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info - Data Wisdom Explorers League: http://www.dwel.org - Global Coalition for Transparent Internet Performance: http://www.gctip.org Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad