I Found a Thing and You Can Too: ISP’s Unauthenticated SOAP Service = Find (almost) All the Things!

RVAsec 3

Presented by: Nicholas Popovich
Date: Thursday June 05, 2014
Time: 13:00 - 13:50
Location: Richmond Salons

This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope. This is will be a discussion of a recent independent research project that eventually lead to an information disclosure vulnerability by a major U.S. ISP. This is also an example of when a coordinated disclosure goes right.

What began with simple curiosity into the inner workings of an application lead to the ability to list wireless network names and wireless encryption keys (among other things) armed only with a WAN IP address.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats