I Found a Thing and You Can Too: ISP’s Unauthenticated SOAP Service = Find (almost) All the Things!

This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope. This is will be a discussion of a recent independent research project that eventually lead to an information disclosure vulnerability by a major U.S. ISP. This is also an example of when a coordinated disclosure goes right.

What began with simple curiosity into the inner workings of an application lead to the ability to list wireless network names and wireless encryption keys (among other things) armed only with a WAN IP address.

Presented by