Version 1.16
- Details
- Category: Release Notes
- Published: Saturday, 09 August 2014 22:11
- Written by Ben Tasker
Version 1.16 of PHPCredlocker has been released and can be obtained from https://github.com/bentasker/PHPCredLocker
Documentation
Minor Information Disclosure Vulnerability - Versions earlier than 1.16
- Details
- Category: Disclosures
- Published: Saturday, 09 August 2014 22:00
- Written by Ben Tasker
A minor Information Disclosure Vulnerability exists in PHPCredlocker versions earlier that 1.16.
Communicating with HomePlugAV Devices using Python
- Details
- Category: Development/Programming
- Published: Monday, 07 July 2014 03:13
- Written by Ben Tasker
I've got a couple of pairs of ON Networks' PL 500 HomePlugAV Powerline Adapters and have been playing around with them to see how they compare to the Computrend 902 devices I played around with 5 years ago.
I'm still playing around with the kit, but thought I'd document a very basic example of how to send commands to the devices using Python - the instructions should work for any kit based on Qualcomm's INT6x00 and AR7x00 chipsets (mine use the AR7420/QCA7420) - we'll be changing one of the encryption keys (the NMK) that the devices use
Vulnerability: Infiltrating a network via Powerline (HomePlugAV) adapters
- Details
- Category: Security
- Published: Wednesday, 23 July 2014 09:15
- Written by Ben Tasker
As I posted recently, I've been playing around with some of ON Network's PL500 HomePlugAV Adapters. Given my previous experience with Powerline adapters, as part of that tinkering I thought I'd see whether they contain (or are) a security issue.
Unfortunately the news isn't great, as I can now get effective physical network access using the HomePlugAV adapters as my entry point. It does, of course require some proximity to the target network, but is otherwise pretty straight forward.
As I don't have $5,000 to spare, I did this without reading the HomePlugAV technical specification.
Responsible Disclosure: Before publishing, I contacted the HomePlug Alliance to notify them of the issues I'd identified, but have had no response
Unbound: Adding Custom DNS Records
- Details
- Category: Linux
- Published: Sunday, 29 June 2014 08:02
- Written by Ben Tasker
When I wrote my post on configuring DNS, DHCP and NTP on a Raspberry Pi, I forgot to include information on how to add your own DNS records to Unbound (straight forward as it is). So in this post, I'll give a very brief overview.
All changes should be made in an unbound configuration file (probably /etc/unbound/unbound.conf, though you could also put them into a file in local.d, depending on your distribution - see below)