I Found a Thing and You Can (Should) Too: ISP's Unauthenticated SOAP Service = Find (Almost) All The Things!

ShmooCon X - 2014

Presented by: Nicholas Popovich
Date: Saturday January 18, 2014
Time: 11:00 - 11:50
Location: Bring It On room
Track: Bring it On

This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope. This will be a discussion of a recent independent research project that eventually led to the discovery of an information disclosure vulnerability at a major U.S. ISP. This is also an example of when a coordinated disclosure goes right.

What began with simple curiosity about the inner workings of an application led to the ability to list wireless network names and wireless encryption keys (among other things) armed only with a WAN IP address.

Nicholas Popovich

Nick Popovich's passion is learning and exploring the offensive side of IT security. He works as a penetration tester, trying to raise the overall security posture of organizations through infrastructure security testing. Nick's mission is to help individuals and organizations involved with the defensive side of InfoSec understand the mechanics and methods of the attackers they defend against and to assist in realistically testing those defenses. He's a lifelong learner and loves finding new ways to get under the hood of systems and networks. He is a father of two and a husband to one.

