Looks can be deceiving when a security researcher first studies a piece of code. What might seem mundane or straightforward on the surface — an insecure log-in page, for example — can lead to unexpected results when a security practitioner digs deeper. Without humans scanning for vulnerabilities, bugs are left to fester, and can be exploited to cause real issues if they fall into the wrong hands. That lesson lingers in Ken Pyle’s mind. During a security test for a client last year, Pyle, a partner at the security company DFDR Consulting, examined a networking switch made by Cisco. The equipment is popular with small businesses, including the managed service providers that handle remote connections, because it allows organizations to administer multiple devices across a network. What started as a simple web application vulnerability, upon closer inspection, turned out to be two previously unreported flaws affecting hundreds of thousands of devices, […]
The post Bug hunter unveils Cisco zero-days at ShmooCon appeared first on CyberScoop.