[Owasp-boston] OWASP Boston March mtg - Thursday 3/8

Weiler, Jim Jim.Weiler at starwoodhotels.com
Wed Mar 7 18:18:47 UTC 2012

Just a reminder - we'll be meeting tomorrow, Thursday 3/8 at JobSpring
in Boston - 545 Boylston Street
Suite 600. We'll be part of the monthly Boston Security Meetup -


You'll have to wait until someone lets you in the elevator.  JobSpring
will be providing pizza and beer.


Topic - Corporate Espionage for Dummies: The Hidden Threat of Embedded
Web Servers 

Speaker - VP for Security Research at ZScaler, along with other speakers
at the security meetup. 

Today, everything from kitchen appliances to television sets comes with
an IP address. Network connectivity for various hardware devices opens
up exciting opportunities. Forgot to lower the thermostat before leaving
the house? Simply access it online. Need to record a show? Start the DVR
with a mobile app. While embedded web servers are now as common as
digital displays in hardware devices, sadly, security is not. What if
that same convenience exposed photocopied documents online or allowed
outsiders to record your telephone conversations? A frightening thought

Software vendors have been forced to climb the security learning curve.
As independent researchers uncovered embarrassing vulnerabilities,
vendors had little choice but to plug the holes and revamp development
lifecycles to bake security into products. Vendors of embedded web
servers have faced minimal scrutiny and as such are at least a decade
behind when it comes to security practices. Today, network-connected
devices are regularly deployed with virtually no security whatsoever. 

The risk of insecure embedded web servers has been amplified by insecure
networking practices. Every home and small business now runs a wireless
network, but it was likely set up by someone with virtually no
networking expertise. As such, many devices designed only for LAN access
are now unintentionally Internet facing and wide open to attack from
anyone, regardless of their location. 

Leveraging the power of cloud-based services, Zscaler spent several
months scanning large portions of the Internet to understand the scope
of this threat. Our findings will make any business owner think twice
before purchasing a 'wifi enabled' device. We'll share the results of
our findings, reveal specific vulnerabilities in a multitude of
appliances and discuss how embedded web servers will represent a
target-rich environment for years to come.




Jim Weiler       CISSP   CSSLP   GSSP - Java

Application Security Architect

Starwood Hotels      1505 Washington St.   Braintree MA. 02184

desk - 781 356 0067

mobile - 781 654 6048

