Websec at DEFCON 2009

In 2009, Websec was proud to participate in DEFCON as a featured speaker. DEFCON is the world's largest and most prestigious computer security/hacker conference, in which participants gather from around the world in Las Vegas to share and discuss newly discovered vulnerabilities and security issues. DEFCON 2009 featured nearly eight thousand attendees and two hundred speakers, marking another year of growth in this its 17th year of existence.

In this year's conference, Websec security researcher Pedro Joaquin presented the long awaited results from his most recent studies regarding residential modem security, Attacks on 2wire Residential Gateways. Pedro was the first to publicly expose a high-impact vulnerability targeting the 2wire model of router. This vulnerability allows DNS poisoning via a cross site forgery request, resulting in authentication bypass and drive-by router pharming.

This vulnerability is particularly troublesome in Mexico, where use of the 2wire router is most prevalent. A subsequent patch designed to rectify the problem was itself flawed and in fact contained the additional, more severe problem of another authentication bypass vulnerability. Pedro's work in discovering and remedying the initial vulnerability, and well as the one contained within the patch, has helped to greatly improve the security of residential systems that utilize the 2wire router.

For additional information: http://www.defcon.org http://www.hakim.ws