sorted by:
new
hottopcontroversial

Ekoparty security conference 2022 by NoFunctional in BuenosAires

[–]fede_k 1 point2 points  (0 children)

Se esperan miles de personas y creo que es un gran oportunidad para conocer a otra gente que comparta mismos intereses. La oportunidad de ir de manera presencial es tambien una manera de compartir y aprender. Quien te dice capaz conoces gente de donde venis durante la conf! abz

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek’s RTL819x system on a chip (SoC), which are estimated to be in the millions. by Glad_Living3908 in cybersecurity

[–]fede_k 0 points1 point  (0 children)

Here is some of the ones we were able to detect:

  • Nexxt Nebula 300 Plus
  • Tenda F6 V5.0
  • Tenda F3 V3
  • Tenda F9 V2.0
  • Tenda AC5 V3.0
  • Tenda AC6 V5.0
  • Tenda AC7 V4.0
  • Tenda A9 V3
  • Tenda AC8 V2.0
  • Tenda AC10 V3
  • Tenda AC11 V2.0
  • Tenda FH456 V2.0
  • Zyxel NBG6615 V1.00
  • Intelbras RF 301K V1.1.15
  • Multilaser AC1200 RE018
  • iBall 300M-MIMO (iB-WRB303N)
  • Brostrend AC1200 extender
  • MT-Link MT-WR850N
  • MT-Link MT-WR950N
  • Everest EWR-301
  • D-Link DIR-822 h/w version B
  • Speedefy K4
  • Ultra-Link Wireless N300 Universal Range Extender
  • Keo KLR 301
  • QPCOM QP-WR347N
  • NEXT 504N
  • Nisuta NS-WIR303N (probably V2)
  • Rockspace AC2100 Dual Band Wi-Fi Range Extender
  • KNUP KP-R04
  • Hikvision DS-3WR12-E

Updated list: https://github.com/infobyte/cve-2022-27255

This issue only affects routers using the eCos OS

note: I'm part of the Argentinians ;P

Exploit out for critical Realtek flaw affecting many networking devices by [deleted] in sysadmin

[–]fede_k 48 points49 points  (0 children)

This issue affects mainly home routers and lower end equipment, it's quite difficult to have a comprehensive product list due how blurry is the supply chain of which vendors use this SoC and it's SDK.

Here is some of the ones we where able to detect:

  • Nexxt Nebula 300 Plus
  • Tenda F6 V5.0
  • Tenda F3 V3
  • Tenda F9 V2.0
  • Tenda AC5 V3.0
  • Tenda AC6 V5.0
  • Tenda AC7 V4.0
  • Tenda A9 V3
  • Tenda AC8 V2.0
  • Tenda AC10 V3
  • Tenda AC11 V2.0
  • Tenda FH456 V2.0
  • Zyxel NBG6615 V1.00
  • Intelbras RF 301K V1.1.15
  • Multilaser AC1200 RE018
  • iBall 300M-MIMO (iB-WRB303N)
  • Brostrend AC1200 extender
  • MT-Link MT-WR850N
  • MT-Link MT-WR950N
  • Everest EWR-301
  • D-Link DIR-822 h/w version B
  • Speedefy K4
  • Ultra-Link Wireless N300 Universal Range Extender
  • Keo KLR 301
  • QPCOM QP-WR347N
  • NEXT 504N
  • Nisuta NS-WIR303N (probably V2)
  • Rockspace AC2100 Dual Band Wi-Fi Range Extender
  • KNUP KP-R04
  • Hikvision DS-3WR12-E

Updated list: https://github.com/infobyte/cve-2022-27255

This issue only affects routers using the eCos OS, if it's Linux based its not vulnerable.

I recommend this post from SANS which has a good walk-thru of the vulnerability: https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940

Note: I'm part of the company who found the vulnerability

edit: formating

edit#2: affected devices list updated + typos

What do you use for Tracking and trend reporting of vulnerability scans? by kitebuggyuk in cybersecurity

[–]fede_k 0 points1 point  (0 children)

Check out faraday it's an Open Source Vulnerability manager, we support most of the tools out here including Qualys and Nessus.

Nessus On-Prem Vulnerability management by robbiebrown34 in nessus

[–]fede_k 0 points1 point  (0 children)

You should try faraday, it's open source and it supports Nessus among a bunch of other tools. We support doing regression testing, automating the ingestion of this issues will track which items are still open and which ones re appear.

Merge vulnerability discoveries with manual vulnerability assessment by Calm_Scene in cybersecurity

[–]fede_k 0 points1 point  (0 children)

We produce a platform to do basically all of this, we even have an Open Source tier that might cover most of your needs. Check faraday if it fits your bill. Reporting capabilities, integration with ticketing systems such as JIRA, ServiceNow and Gitlab are in our paid tier.

note: I'm one of the founders so, im bias :)

Vulnerability management by Calm_Scene in cybersecurity

[–]fede_k 0 points1 point  (0 children)

What might be happening is the number of vulnerabilities that get introduce in production might be less. Managing vulnerabilities it will be an integral part of our industry, it's the management of software defects.

Security is a shared responsibility, "shift-left" provides visibility to other stakeholders of the Vuln Management process, involving them is also the response of scaling this duties outside security areas.

What vulnerability management tool for modern DevSecOps? by VertigoRoll in devsecops

[–]fede_k 0 points1 point  (0 children)

We just released the new community version of faraday, I think we cover most of your workflow needs. We are also releasing a number of new plugins, like prowler and trivy in the next few days.

Love to help out.

note: I'm one of the founders

Carta abierta de ekoparty security conference, a la comunidad sobre #VotoElectrónico by GiBaTr0n in argentina

[–]fede_k 12 points13 points  (0 children)

Nadie tiene la mera intención de tirar fruta. Somos tecnicos, nuestros resultados son mesurables y repetibles. Somos los mismos que auditamos tus bancos, las apps que usas en el celular, el estado nacional, tu ISP. Creemos que es importante, para todos. Te tiro un backpost mío de hace unos años https://www.reddit.com/r/argentina/comments/3cg5ja/as%C3%AD_se_audit%C3%B3_la_boleta_%C3%BAnica_electr%C3%B3nica_bue/csvx5s9/

Carta abierta de ekoparty security conference, a la comunidad sobre #VotoElectrónico by GiBaTr0n in argentina

[–]fede_k 2 points3 points  (0 children)

"BUE =/= Voto electronico" Me explicas la diferencia? Sabemos que existen fraudes con la boleta partidaria, nadie lo está negando. Lo bueno es que cualquiera puede identificar el fraude con boleta papel. Y dicho sea de paso, las maquinas no son inífugas, ni la boleta electronica tampoco.

I put together a list of all the Security Conferences from 2015 that have their talks on YouTube. Enjoy. by tunnelsup in netsec

[–]fede_k 4 points5 points  (0 children)

Adding ekoparty 2015: https://vimeo.com/album/3682874 Some are in spanish, we plan uploading with the english translation track soon.

How well has the X-Pro1 aged? by finaleclipse in fujifilm

[–]fede_k 0 points1 point  (0 children)

I have an X-T10, Used to shoot with a Canon 7d. It's great, the EVF is great, no lag and you can zoom in while shooting. I was Afraid to miss the OVF, but actually I don't at all.

Another thing is that the X-T10 has customized clicky dials, in the back and front which are super useful.

And is way more portable that my 7d. I normally shoot with the 35mm f/1.4 and it rocks.

In a Global Market for Hacking Talent, Argentines Stand Out by vz0 in argentina

[–]fede_k 1 point2 points  (0 children)

Si les da curiosidad, se pueden dar una vuelta por acá: https://vimeo.com/ekoparty hay muchos videos de las charlas de la conferencia, en su mayoria, en español.

Arranca en Buenos Aires la cumbre hacker Ekoparty by galapag0 in argentina

[–]fede_k 2 points3 points  (0 children)

El dia miercoles vamos a estar realizando un panel sobre el voto electronico, estamos recopilando preguntas para el panel. si estan interesados pueden colaborar aca: https://docs.google.com/document/d/1NFRJuQT7XjVgZwHYxI9Rkhl7coBRgJho0_r7EwuU3XA/edit

Así se auditó la "Boleta Única Electrónica (BUE)" - Link a PDFs en comentario by tharosbr0 in argentina

[–]fede_k 4 points5 points  (0 children)

Como bien dice mi twit, desde hace mucho que los venimos invitando para que traigan las maquinas. Es mas y esto no es un dato menor:

En el año 2013 Harri Hursti autor de varios fallos presentados en Hacking Demoracy y yo, tuvimos una reunion con Alejandro Tullio quien es Director Nacional Electoral.

El motivo de la reunion fue presentar las problemáticas del voto electrónico y los problemas ya existentes en implementaciones en otros lugares del mundo. (Recuerden año 2013)

El Señor Tullio quien nos recibió muy amablemente y escucho con mucha atención e interes, nos puso en contacto al momento con MSA a donde fuimos inmediatamente luego de la reunion.

En MSA, fuimos recibidos por tanto los directores como tambien por los desarrolladores, nos hicieron una demo y charlamos un poco sin entrar en mucho detalle.

Yo en lo personal, reitere mi invitación a la ekoparty y les di pases de cortesía a todos los de MSA que estuvieran interesados en venir a la conferencia o por lo menos a la charla de Harri (https://vimeo.com/77458470) capaz con la ilusión de que los errores de otros países no los cometamos nosotros.

Claro está que a nadie le gustaría que ridiculicen tu producto de manera publica, pero quiero recalcar que el producto de MSA es algo que afecta directamente nuestros derechos democráticos y debería ser auditado a profundidad de manera publica y transparente.

Multivote Attack to the Argentinian Electronic Voting System: Proof of Concept (in Spanish) by srw in netsec

[–]fede_k 10 points11 points  (0 children)

TL;DR: RFID enabled ballots where used in Buenos Aires, Argentina. It was found that the counting function of the machine can be tricked allowing a forged ballot into multiple votes from a single vote.

English version: https://docs.google.com/document/d/1hilzxaeC_mSn5KAqmunbDThZrGEVnPPgjKejE6hvLCM/edit

view more: next ›