Wednesday, August 20, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
ASUS To Unveil Smartwatch At IFA
WD Releases Anniversary Edition My Passport Drives
JPR Reports AMD, Intel Jump in GPU Shipments, Nvidia Slips
HTC One M8 for Windows Unveiled
SanDisk Releases The TLC-based Ultra II SSD
Samsung Delivers Slim Level Box mini Wireless Speaker
LG G3 UX To Become Standard In Across LG's Mid- to Entry-level Devices
New BD-DSD Blu-ray Disc Standard Allows Storing 200GB Of Data Per Disc
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Homelan...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, January 29, 2013
Homeland Security Says UPnP Poses Risks


The U.S. government is warning to disable UPnP, a common networking feature, after bugs have left millions of hardware devices vulnerable to attacks by hackers and malware.

The Department of Homeland Security urged computer users on Tuesday to disable Universal Plug and Play (UPnP), a set of network protocols designed to support automatic discovery and service configuration.

The security bugs were initially brought to the attention of the government by computer security company Rapid7, in Boston, which released a report on the problem on Tuesday. The company said it discovered between 40 million and 50 million devices that were vulnerable to attack due to problems that the firm's researchers have identified with the UPnP standard.

According to Rapid7, the two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet. The company identified over 6,900 product versions that were vulnerable through UPnP. This list encompasses over 1,500 vendors.

The vulnerabilities Rapid7 identified in the Portable UPnP SDK have been fixed as of version 1.6.18 (released today), but it will take a long time before each of the application and device vendors incorporate this patch into their products.

The flaws could allow hackers to access files, steal passwords, take full control over PCs as well as remotely access devices such as webcams, printers and security systems.

Rapid7 has released a free tool that can identify exposed UPnP endpoints in your network and flag which of those may remotely exploitable through recently discovered vulnerabilities.


Previous
Next
BlackBerry 10: RIM's Last Hope To Apple And Samsung        All News        Get Ready For Crysis 3 beta With New AMD Catalyst Drivers
LG Reports Revenue Decrease, Operating Profits For 2012     General Computing News      Microsoft Releases Office 365 Home Premium

Get RSS feed Easy Print E-Mail this Message

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .