Monday, October 1, 2007

Owning Axis IP Cameras

Over the weekend, i had the time to review a whitepaper written by both Adrian Pastor and Amir Azam. In that article, they displayed certain XSS techniques that allowed an attacker to own the IP cameras and monitor it. Well, i would say that this is not too bad of an article as the PoC included. It is still the same old XSS that is doing the trick and CSRF that allows creation of admin accounts. The firmware for Axis is just crap. They should brush up on their security to avoid more security issues. For those who are interested, do check it out at

http://www.gnucitizen.org/blog/owning-big-brother-hollywood-style-exploits-included


The Hacka Man

1 comment:

Anonymous said...

Can anyone recommend the well-priced Patch Management system for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central remote support
? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!