Archive for October, 2015

Palo Alto Networks Panorama VM Appliance Web Console Default Admin Credentials

October 31, 2015

According to the manual for the Palo Alto Networks Panorama VM Appliance 6.0:

Panorama provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls. It allows you to oversee all applications, users, and content traversing the network from one location, and then use this knowledge to create application enablement policies that protect and control the entire network. Using Panorama for centralized policy and device management increases operational efficiency in managing and maintaining a distributed network of firewalls.

The manual also shows that the appliance has a default admin password for the web console to manage the VM:

Access the console of the Panorama virtual appliance.
1. Select the Console tab on the ESX(i) server for the virtual Panorama. Press enter to access the login screen.
2. Enter the default username/password (admin/admin) to log in.
3. Enter configure to switch to configuration mode.


EFF identified dozens of license plate readers with insufficient security

October 30, 2015

The EFF identified dozens of license plate readers with insufficient security (and many with no protection at all). You can read the full article which mentions one of my blog posts with my research on the devices!

Independently, a researcher named Darius Freamon found that you could access the control panels via Telnet and generate statistics about plate captures. Building off Freamon’s work, a team of computer scientists at the University of Arizona dug further into the data and found vulnerable cameras in Washington, California, Texas, Oklahoma, Louisiana, Mississippi, Alabama, Florida, Virginia, Ohio, and Pennsylvania. The largest cluster was in southeastern Louisiana.