Wednesday, December 22, 2010

The Fun Part



So it isn't new but .. sounds great 
so lets go ahead ..

Here’s where it gets fun: many of these devices use hard-coded SSL keys that are baked into the firmware. That means that if Alice and Bob are both using the same router with the same firmware version, then both of their routers have the same SSL keys. All Eve needs to do in order to decrypt their traffic is to download the firmware from the vendor’s Web site and extract the SSL private key from the firmware image.



Lets get deeper into what these guys are talking about..
A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs, center their entire functionality around SSL encryption. OK, well SSL isn’t perfect, but it’s still the de facto standard for Web-based encryption. So far, so good.


Thats a perfect start to step up & start running .
But wait wait these guys are already into it(I mean 'dedicated to exploring, exploiting and improving embedded devices')
& remember littleblackbox is always there for help (with over 2,000 unique private SSL keys and growing).


And you're Done!!:D:D


See ya there at ./a.in

No comments:

Post a Comment