Web Security Negligence and the JetButt Vulnerability
A few weeks ago my internet service provider decided to take a vacation for the day; left me up a creek without a paddle (Who? take a wild guess). I had a lot of work to complete and decided to just go buy a 4g hotspot (Verizon Ellipsis jetpack - latest firmware as of this post). I liked the idea of having a backup for future fails and it’s for the most part quick and easy to setup.
What should have been a somewhat productive day of work turned into an investigation of the device and its firmware. It didn’t take long to find some pretty hilarious problems. I decided to report the vulnerabilities to Verizon and left a very respectful time period of silence (1 month) before writing this post. Anyway, the takeaways from this post are as follows:
- Always audit a device before going to market.
There are a lot of companies and
Continue reading →