Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)
Fast Software Encryption, Cambridge Security Workshop
SSH: secure login connections over the internet
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Illuminating the security issues surrounding lights-out server management
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
Hi-index | 0.00 |
Many IT departments use remote administration products to configure, monitor, and maintain the systems they manage. These tools can be beneficial in the right hands, but they can also be devastating if attackers exploit them to seize control of machines. As a case study, we analyze the security of a remote administration product called Absolute Manage. We find that the system's communication protocol suffers from serious design flaws and fails to provide adequate integrity, confidentiality, or authentication. Attackers can exploit these vulnerabilities to issue unauthorized commands on client systems and execute arbitrary code with administrator privileges. These blatant vulnerabilities suggest that remote administration tools require increased scrutiny from the security community. We recommend that developers adopt defensive designs that limit the damage attackers can cause if they gain control.