Internet In Danger: Analysis of ISC Bind Patch (part 2)

In this second part article, we analyze two recent vulnerabilities in ISC BIND identified as CVE-2016-1286 and CVE-2016-2088. Based on advisories, these bugs can be triggered using a malformed DNAME record (CVE-2016-1286) or an OPT COOKIE records (CVE-2016-2088). These two bugs share the same attack scenario that can only be Continue Reading

CVE-2015-4400 : Backdoorbot, Network Configuration Leak on a Connected Doorbell

Summary In March 2015, a Network Configuration Leak vulnerability was disclosed to Ring as part of FortiGuard’s Responsible Disclosure process. The vulnerability existed on their first internet-connected doorbell, Doorbot v1.0 but other posts on the subject show that the vulnerability was ported on newer versions of the connected doorbell as Continue Reading