Vulnerabilties in Security Appliances

Recent articles published in CSO Online and Computerworld are referencing a report by NCC Group which casts light on the vulnerabilities and security flaws which exist in many computer appliances.  NCC's research, which it released at Black Hat Europe 2013, revealed significant vulnerabilities in almost all security appliance prodcuts that were tested.  These included vulnerabilities to:

• Cross-Site_Scripting attacks
• Automated password attacks for SSH
• Unauthenticated detailed version disclosure

...and many more.  A gentle reminder to professionals everywhere to ensure that our infrastructure is as up to date and hardened as possible...and a call to arms for the security profession to push the security industry to set the example for hardened, well-coded, and secure appliances.

I have posted a copy of the full NCC report here for those who are interested.