Why are the default credentials in the realm attribute?

Recently, I was poking around on Shodan (as I do when I am bored) and I stumbled across an interesting query.  If you search for “Default: admin/1234”, you get over 14,000 devices that are broadcasting their own default username and password.  The devices appear to be Edimax routers.  I reached out to both EmbedThis and Edimax to ask them about this. …

Continue reading "Why are the default credentials in the realm attribute?"

How to generate keys with the Web Cryptography API

I have been playing around with the Web Cryptography API a lot lately.  My most recent post was about getRandomValues().  I wanted to take a moment to investigate two more methods: generateKey() and exportKey().  The generation of a good cryptographic key is fairly fundamental.  I wrote up a short demo app, to demonstrate how the two …

Continue reading "How to generate keys with the Web Cryptography API"

How to use Nmap to identify what a server is running

Whether you are attacking a computer or protecting it, proper intelligence about a computer is important.  A very powerful option for learning about a given system is Nmap.  According to Nmap’s website: Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) …

Continue reading "How to use Nmap to identify what a server is running"