Just a quick post to serve a couple of purposes. First, a reminder to go to and submit content to securityfail.com. Secondly, check out ALL the current articles there, but mainly the post I have written about Avaya 4600 series phones and Canon iR series devices.
What is SecurityFail’s purpose you ask? Since you want everything handed to you, here you go from the site:
The purpose of this site is to document security failures in various technologies. Users are encouraged to submit stories and articles detailing how various technologies have failed you in terms of security. Using embedded systems as an example, we’d like to highlight issues such as:
We want vendors of embedded systems to:
- FORCE the user to select the password
- Allow users to disable protocols
- Only enable secure management protocols by default (HTTPS, SSH)
We want ISPs to:
- Block inbound port 80 on user subnets
- Manage customer devices properly and implement security
This is a great way to raise awareness and shed light on many of the problems embedded systems have. As time permits, I have plans for a couple more articles for the site. Keep watching!