The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

http://conference.hitb.org/hitbsecconf2014kul/#tile_schedule

Triple-Track Conference - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/conference-speakers/

 

Capture the Flag - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/

HackWEEKDAY - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/hackweekday/

CommSec Village - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/commsec-village/

REGISTER ONLINE NOW

Secret backdoors found in gear from Barracuda Networks

http://en.wikipedia.org/wiki/Barracuda_Networks

A variety of firewall, VPN, and spam filtering gear sold by Barracuda Networks contains undocumented backdoor accounts that allow people to remotely log in and access sensitive information, researchers with an Austrian security firm have warned.

The SSH, or secure shell, backdoor is hardcoded into "multiple Barracuda Networks products" and can be used to gain shell access to vulnerable appliances, according to an advisory published Thursday by SEC Consult Vulnerability Lab.

"This functionality is entirely undocumented and can only be disabled via a hidden 'expert options' dialog," the advisory states. The boxes are configured to listen for SSH connections to the backdoor accounts and will accept the username "product" with no Update: a "very weak" password to log in and gain access to the device's MySQL database. While the backdoors can be accessed by only a small range of IP addresses, many of them belong to entities other than Barracuda.