Posts by Tod Beardsley

5 min Rapid7 Perspective

Actually, Grindr is Fine: FUD and Security Reporting

On Wednesday, March 28, NBC reported Grindr security flaws expose users' location data [https://www.nbcnews.com/feature/nbc-out/security-flaws-gay-dating-app-grindr-expose-users-location-data-n858446], a story which ticks a couple of hot-button topics for security professionals and security reporters alike. It’s centered around the salacious topic of online dating in the LGBT community, and hits a personal safety concern for people using the app everywhere, not to mention the possibility of outing

4 min Vulnerability Disclosure

R7-2018-01 (CVE-2018-5551, CVE-2018-5552): DocuTrac Office Therapy Installer Hard-Coded Credentials and Cryptographic Salt

DocuTrac QuickDoc & Office Therapy ships with a number of static accounts which are not disclosed to the end user.

3 min Haxmas

HaXmas: The True Meaning(s) of Metasploit

Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.

1 min Haxmas

On the Zero-eth Day of HaXmas...

I suppose it’s only fitting that this year, we introduce our storied 12 Days of HaXmas on the zero-eth day. Technically, Twelvetide [https://en.wikipedia.org/wiki/Twelve_Days_of_Christmas] doesn’t start until December 25th. This year, we’re focusing on the security events that grabbed our attention, metrics that piqued our interest, and projects we pursued outside the blog and research spheres. We wanted to take a moment here at the end of the year to make sure that they didn’t just get lost lik

18 min Vulnerability Disclosure

R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities

Summary of Issues

Multiple vulnerabilities in Cambium Networks’ ePMP and cnPilot product lines were discovered by independent researcher Karn Ganeshen [https://ipositivesecurity.com/], which have, in turn, been addressed by the vendor. The affected devices are in use all over the world to provide wireless network connectivity in a variety of contexts, including schools, hotels, municipalities, and industrial sites, according to the vendor [https://www.cambiumnetworks.com/industry/]. These issue

4 min Rapid7 Perspective

Attention Humans: The ROBOT Attack

What’s the ROBOT Attack?

On the afternoon of December 12, researchers Hanno Böck, Juraj Somorovsky and Craig Young published a paper, website, testing tool, and CTF at robotattack.org [https://robotattack.org] detailing a padding oracle attack that affects the way cryptography is handled on secure websites. ROBOT, which stands for Return Of Bleichenbacher's Oracle Threat, details a weakness in the RSA encryption standard known as PKCS#1v1.5 that can ultimately allow an attacker to learn a secur

4 min

CVE-2017-16943: Exim BDAT Use-After-Free

Exim BDAT Use-After-Free (CVE-2017-16943): What You Need To Know

Turns out, the Exim Internet Mailer [https://www.exim.org/credits.html] team was busy over the Thanksgiving holiday, after security researcher “meh [https://twitter.com/mehqq_]” reported a pair of vulnerabilities in the wildly popular open source email server. The first, a critical remote execution vulnerability, is a use-after-free (UAF) vulnerability, dubbed CVE-2017-16943 [https://www.rapid7.com/db/vulnerabilities/smtp-exim-cve-

3 min Cybersecurity

NCSAM Security Crash Diet: Wrap-up

Wow, it’s November 7 already, and I still have all my National Cyber Security Awareness Month [https://www.dhs.gov/national-cyber-security-awareness-month] decorations up! I really need to take care of those. But, before I get to taking down all my 2FA authentication token lawn decorations, I figured it’d be a good time to chat it up with Olivia, and see how her NCSAM crash diet went. Tod: So, over the course of the month, what’s the one task you performed that benefited you the most? Olivia:

2 min Cybersecurity

NCSAM: How Hackable Are You?

Rapid7 partnered with The Today Show to offer a fun, fast self-assessment quiz to determine individual cybersecurity risk levels. How hackable are you?

8 min Vulnerability Management

No-Priority, Post-Auth Vulnerabilities

In the course of collecting and disclosing vulnerabilities, I occasionally come across an issue that walks like a vuln, quacks like a vuln, but… it’s not exactly a vuln. As per our usual vulnerability disclosure process [https://www.rapid7.com/security/disclosure/], we still report these issues to vendors. The behavior observed is nearly always a bug of some sort, but it’s not immediately exploitable, or the “exploit” is merely exercising the expected level of privilege, but in an unexpected con

3 min Rapid7 Perspective

NCSAM: A Personal Security Crash Diet

We're kicking off National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.

2 min Vulnerability Management

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On?

Yesterday’s Apache Struts vulnerability announcement [https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/] describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502 [https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known vulnerability pattern, and I would expect crimeware kits to

4 min Microsoft

Petya-like Ransomware Explained

TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to both gain entry to target networks and to spread laterally. Several research teams are reporting that once victims' disks are encrypted, they cannot be decrypted [https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware

2 min Vulnerability Disclosure

R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)

Summary

The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015 is vulnerable to stored cross-site scripting in two fields. An attacker would need to have the ability to create a Workspace and entice a victim to visit the malicious page in order to run malicious JavaScript in the context of the victim's browser. Since the victim is necessarily authenticated, this can allow the attacker to perform actions on the Biscom Secure File Transfer instance on the victim's behalf.

17 min Vulnerability Disclosure

R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities

Executive Summary

In October of 2016, former Rapid7 researcher Phil Bosco [https://twitter.com/secillusion] discovered a number of relatively low-risk vulnerabilities and issues involving home security systems that are common throughout the United States, and which have significant WiFi or Ethernet capabilities. The three systems tested were offerings from Comcast XFINITY, ADT, and AT&T Digital Life, and the issues discovered ranged from an apparent "fail open" condition on the external door and