STE WILLIAMS

Apple to end support for original iPhone: report

Support for Apple’s original iPhone will end on June 11, according to a report from 9 to 5 Mac which got its hands on an advisory (JPG) sent to Apple shops advising of products the fruity company will no longer support.

Announced in early 2007 and then released in June of that year, the first iPhone’s breakthrough features were a touch screen, browser and EDGE networking. The combination of the three made for a very fine experience in 2007, when phone screens were small, user interfaces cluttered and download speeds slower than the 384 kb/s EDGE achieved in its best moments.

To understand why that combination was a hit, consider the competition such as Nokia’s N95, a standout phone at the time but one that also offered only a 2.6”, 240 x 320 pixels, screen. The N95 was a “slider” that concealed a second set of controls beneath its screen, an arrangement that now sounds confusing but which at the time we felt, in this review “ … doesn’t compromise on size or functionality, and for once avoids the unnecessary irritations that have spoiled past N series phones.”

The Nokia N95 and its dual control panels

In the same year Motorola refreshed its clamshell RAZR line with the RAZR 2, another EDGE device with a 240×320 screen. BlackBerry’s 2007 effort was the 8800 series, which like the N95 offered GPS facilities and a browser. But the base model didn’t offer WiFi – that came along a month or three later in the 8820, which we felt didn’t implement the wireless technology very well.

Little wonder then that the first iPhone, with its Jobsian integration, excited many, including Reg hack Cade Metz, who queued to buy one and then filed this generally positive review.

His conclusion? “The iPhone is so much fun – and irritating – because it’s such a departure from what’s come before.”

One thing that review doesn’t mention is apps, because the first iPhone didn’t have any beyond those Apple built into the first version of iOS. Steve Jobs thought they were a bad idea as he felt third-party developers would sully the overall iPhone experience. Walt Isaacson’s biography of Jobs quotes then Apple Board member Art Levinson as saying he fought hard to turn Jobs around on the matter (page 501 of the Australian hardback edition).

An image of the iPhone from the Reg archives, uploaded on Jan 9, 2007

The first iPhone instead offered web applications, sites presented in the same 320×480 resolution as the phone’s screen and which offered simple interactivity by presenting a new screen after each interaction. Your correspondent recalls an anemic text adventure being bookmarked by default in a new iPhone 3G acquired in 2008, a time at which apps were available but Apple still liked the idea of web apps. Ironically, web apps are now making something of an HTML-5-and-4G-networks-fuelled comeback, as those two innovations make it possible to deliver an experience far closer to that of a native app than was possible in the far-off days of 2007.

Apple sold about six million of the original iPhone, eventually introducing a 16GB model to improve on the original’s 4GB of memory. It’s hard to imagine some aren’t still working, as the presence of WiFi means they’d still be useful in-home browsing devices or iPods even if the idea of using EDGE now seems painful.

One last observation: support for the first iPhone will expire after six years. Windows XP’s end will come thirteen years after its debut. One of the products is considered to have changed the world. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/01/iphone_one_support_ends/

Cameras leak credentials, live video

D-Link and Vivotek have submitted their entries for “dumbest security vulnerability of 2013”, with Core Security turning up a variety of daft bugs in their IP cameras, including hard-coded backdoor passwords.

The advisories are here for Vivotek and here for D-Link. D-Link has told Core Security it is preparing a fix, but the researchers were unable to elicit a response from Vivotek.


The D-Link vulnerabilities include:

  • Operating system command injection: The cameras’ Web interface parses incoming CGI scripts in a way that allows arbitrary commands to be passed to the operating system.
  • Authentication bypass: Appending /upnp/asf-mp4.asf to the camera’s root URL accesses the video stream without authentication.
  • Video leaks as ASCII: An ASCII stream of the video luminance is accessible without authentication using the path /md/lums.cgi.
  • RTSP authentication bypass: This also allows unauthenticated access to the video stream.
  • Hard-coded RTSP credentials: *? is a hard-coded backdoor into the cameras.

Vivotek’s blunders include:

  • Plaintext password storage: Sensitive information is stored in files accessible with the URL paths /cgi-bin/admin/getparam.cgi and /setup/parafile.html.
  • Remote buffer overflow: There’s a buffer overrun in the RTSP service.
  • RTSP authentication bypass: A crafted URL sent to the Vivotek PT7135 camera provides unauthenticated access to the video stream.
  • User credential leaks: Firmware version 0300a on Vivotek cameras allows remote attackers to dump the camera’s memory and extract user credentials. The juicy stuff is kept in the Linux virtual file system object /proc/kcore.
  • Command injection: A binary file in the camera has a flaw allowing remote command injection.

Unless users get busy with upgrading their firmware, The Register imagines all kinds of unwanted “private” videos will start turning up. More seriously, however, it’s also likely – knowing the bad habits not just of users, but of many sysadmins – that leaked credentials will be replicated on other bits of network infrastructure.
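
Until firmware is updated, defenders can check whether the unauthenticated paths listed above are already being fetched. The script below is an added example, not code from the article or from Core Security's advisories: it assumes the cameras sit behind a reverse proxy that writes Combined Log Format with the authenticated user in the third field, and the sample log lines are constructed.

```python
"""Hunt for hits on the camera paths named in the article (added example)."""
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Paths and vendor labels come from the article's two lists.
WATCHED_PATHS = {
    "/upnp/asf-mp4.asf": ("D-Link", "video stream without authentication"),
    "/md/lums.cgi": ("D-Link", "ASCII luminance stream"),
    "/cgi-bin/admin/getparam.cgi": ("Vivotek", "plaintext sensitive information"),
    "/setup/parafile.html": ("Vivotek", "plaintext sensitive information"),
}

# Combined Log Format (assumed log source: a reverse proxy in front of the cameras).
LOG_RE = re.compile(
    r'(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/May/2013:10:00:01 +0000] "GET /upnp/asf-mp4.asf HTTP/1.1" 200 1048576
203.0.113.7 - - [01/May/2013:10:00:09 +0000] "GET /md//lums.cgi?refresh=1 HTTP/1.1" 200 5120
198.51.100.20 - - [01/May/2013:10:02:30 +0000] "GET /cgi-bin/admin/%67etparam.cgi HTTP/1.1" 200 8301
198.51.100.20 - - [01/May/2013:10:02:31 +0000] "GET /setup/parafile.html HTTP/1.1" 401 -
192.0.2.10 - operator [01/May/2013:10:05:00 +0000] "GET /cgi-bin/admin/getparam.cgi HTTP/1.1" 200 8301
192.0.2.10 - operator [01/May/2013:10:05:02 +0000] "GET /index.html HTTP/1.1" 200 512
camera rebooted
""".splitlines()


def normalise_path(target):
    """Reduce a request target to a canonical lowercase path for matching."""
    # Drop scheme and host if the client sent an absolute-form target.
    target = re.sub(r"^[a-z][a-z0-9+.-]*://[^/]*", "", target, flags=re.I)
    # Drop query and fragment, then decode %xx so encoded variants still match.
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # Collapse repeated slashes before resolving "." and ".." segments.
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower() if path else "/"


def classify(status, user):
    """exposed = served with no authenticated user; denied = not served."""
    if not 200 <= status < 300:
        return "denied"
    return "exposed" if user == "-" else "authenticated"


def find_exposures(lines):
    """Return one finding per request that touched a watched path."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        path = normalise_path(m["target"])
        if path not in WATCHED_PATHS:
            continue
        vendor, issue = WATCHED_PATHS[path]
        findings.append({
            "client": m["client"],
            "time": m["ts"],
            "path": path,
            "vendor": vendor,
            "issue": issue,
            "verdict": classify(int(m["status"]), m["user"]),
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
        })
    return findings


def exposed_by_client(findings):
    """Group the paths that were actually served unauthenticated by client."""
    grouped = defaultdict(set)
    for f in findings:
        if f["verdict"] == "exposed":
            grouped[f["client"]].add(f["path"])
    return {client: sorted(paths) for client, paths in grouped.items()}


if __name__ == "__main__":
    hits = find_exposures(SAMPLE_LOG)
    for f in hits:
        print(f'{f["time"]} {f["client"]} {f["verdict"]:<13} '
              f'{f["vendor"]} {f["path"]} ({f["issue"]}, {f["bytes"]} bytes)')
    print(exposed_by_client(hits))
```

An "exposed" verdict means the proxy relayed a successful response with no authenticated user recorded, which is the condition to block at the proxy until the camera firmware is fixed.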

Core Security’s advisories include a full list of devices confirmed as vulnerable. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/05/01/ip_cameras_with_dumb_vulns/
