Black hat-turned-white hat security researcher discloses a vulnerability in Impero's system monitori - Polidicks

Black hat-turned-white hat security researcher discloses a vulnerability in Impero's system monitori

6 replies, posted
In This Thread

[url]http://www.theregister.co.uk/2015/08/05/impero_plastered/[/url] [quote=The Register]Nottinghamshire-based software biz Impero has a lot of recycling to do – after hacker-turned-security-researcher Cal Leeming delivered over 9,000 paper copies of a vulnerability to the company's headquarters as a protest. A few weeks ago, Impero hit the headlines when it threatened to sue someone called Slipstream, who had published details of a security flaw with the firm's software. Impero produces an application that allows network administrators in schools to remotely manage devices and networks, and the flaw would have allowed someone with local access (such as a pupil) to run malicious code on any PC. Slipstream was threatened with copyright infringement for publishing the software's hardcoded AES key and IV; breach of contract; and breach of confidentiality. But the threats fizzled out after Slip took down details of the vulnerability. Impero's attitude ruffled a lot of feathers in the UK security community, and seems to have particularly irritated Leeming. So he printed out 9,001 copies of an exploit for Impero's security holes, and delivered them to the company, as well as sending them a copy on a floppy disc (although who has a floppy drive these days?)[/quote]

He seems to have a good taste in memes

[quote]Impero produces an application that allows network administrators in schools to remotely manage devices and networks, and the flaw would have allowed someone with local access (such as a pupil) to run malicious code on any PC.[/quote] A security vulnerability in a school administration system? I never thought these were ever intended to be secure above the level of "oh, I guess this isn't something I am allowed to touch, I better let it be" Like, power to the guy I guess he's trying to do a good thing but it's like he's trying to stand a watch next to the pissers on the men's bathroom. No matter what, somebody will miss the bowl anyway and the floor is made of tiles so it's easy to wash.

[QUOTE=Awesomecaek;48385439]the floor is made of tiles so it's easy to wash.[/QUOTE] Except that in the case of a school's computer security the potential damage can end up ruining the future lives of aspiring students. If someone fucks with it, it won't be as easy to fix as wiping it away with a wet rag.

[QUOTE=Awesomecaek;48385439]A security vulnerability in a school administration system? I never thought these were ever intended to be secure above the level of "oh, I guess this isn't something I am allowed to touch, I better let it be" Like, power to the guy I guess he's trying to do a good thing but it's like he's trying to stand a watch next to the pissers on the men's bathroom. No matter what, somebody will miss the bowl anyway and the floor is made of tiles so it's easy to wash.[/QUOTE] Then someone alters the grades of half the school without anyone knowing [editline]6th August 2015[/editline] Or simply deletes all the electronic records

impero is a joke and you could force it to end explorer.exe on launch by putting an item in the startup folder which was banned. you could also remove your screen from the monitering thing by logging in without the ethernet plugged in

[QUOTE=itisjuly;48385423]He seems to have a good taste in memes[/QUOTE] How did I not notice.. shit!

Sorry, you need to Log In to post a reply to this thread.