Dahua Cameras Unauthorized Access Vulnerability Technical Analysis and Solution

Recently, Dahua Technology, a well-known security camera and digital video recorder (DVR) vendor in China, released firmware updates to address a serious security issue in certain products. Before the vendor made an official statement on this issue, however, a security researcher named Bashis said that this vulnerability seemed to be a backdoor intentionally left by the vendor and so made his findings public without notifying Dahua in advance. 阅读全文 “Dahua Cameras Unauthorized Access Vulnerability Technical Analysis and Solution” »

2016 NSFOCUS Security Report Regarding Network Video Surveillance Systems

With the robust development of the Internet of Things (IoT), more and more security issues are found with IoT devices. These imminent threats, especially those from network video surveillance systems (NVSSs) that account for a large majority of IoT devices, have drawn attention from security professionals from home and abroad. (In this paper, network video monitors (NVMs), web cameras, and digital video recorders (DVRs) are all referred to as NVSSs.) 阅读全文 “2016 NSFOCUS Security Report Regarding Network Video Surveillance Systems” »

Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution

On November 15, 2016 (local time), legalhackers.com released an advisory about a privilege escalation vulnerability, assigned CVE-2016-1247, found in the Nginx server. Nginx web server packaging on Debian-based distributions, such as Debian or Ubuntu, was found to allow creating log directories with insecure permissions. 阅读全文 “Nginx Local Privilege Escalation Vulnerability Technical Analysis and Solution” »