Thursday, January 18, 2018
Home Tags Helsinki

Tag: Helsinki

First-of-its-kind specification and new Open Broadband projects will enable the cloudification of broadband networks Helsinki, Finland – September 14, 2017: The first standard for distributed virtualized Customer Premises Equipment (vCPE) has been published by the Broadband Forum as it continues to accelerate its work on Open Broadband, Cloud Central Office (CO) and SD-WAN.The virtual Business Gateway (vBG) (TR-328) accelerates the delivery of new-generation standardized, carrier-class, interoperable business services such as enterprise class firewall and Wide... Source: RealWire
Helping citizens claim their personal data rights 23rd August 2017, Bath, UK: Consent & personal information management specialists from MyLife Digital will present on the international stage at the MyData conference in Tallinn and Helsinki later this month.

Three speakers from MyLife Digital will contribute to the substantial programme of twelve different topic tracks, over the three-day conference which explores the future of the personal data economy.MyData 2017 takes place from 30th August to 1st... Source: RealWire
Lawsuits get settled, but what about the companies wielding Nokia patents?
"ScanBox" Web malware used compromised National Foreign Trade Council website.
Small flaws, but they add up Vulnerabilities in a network attached storage (NAS) devices made by QNAP Systems create a potential means for hackers to steal data and passwords, execute commands or drop malware on vulnerable kit, say security researchers. Researchers at F-Secure claim they have found a series of weaknesses in the firmware update process of QNAP’s TVS-663 NAS device, such as not encrypting the update requests.

These security shortcomings create a means for hackers to seize administrative control of vulnerable devices, they claim. Harry Sintonen, senior security consultant at F-Secure, developed a proof-of-concept exploit to confirm the vulnerabilities. “Many of these types of vulnerabilities are not severe on their own.

But attackers able to put them together can cause a massive compromise,” according to Sintonen. Sintonen’s PoC begins when the device sends unencrypted requests for firmware updates back to the company.

This lack of encryption allows hackers to run man-in-the-middle attacks.
Sintonen says he took advantage of this weakness by serving the device with an exploit disguised as a firmware update. While the fake update is never actually installed, an exploit uses a flaw in the process to yield a full system compromise, he claims.

The one major limitation is that hackers would need to be in the position to intercept the update process before they can manipulate it, he added. That would be enough to frustrate remote hackers – though not miscreants already logged onto the same network as their intended target, he explained. F-Secure estimates that over 1.4 million devices running vulnerable firmware could be vulnerable.

The research was presented at the Disobey conference in Helsinki, Finland last week. El Reg invited QNAP Systems to comment on the research on Tuesday but we’ve yet to hear back from the storage tech supplier. We'll update if we hear more.

F-Secure said it notified QNAP last February. ® Sponsored: Next gen cybersecurity.
Visit The Register's security hub