{"id":640700,"date":"2013-01-31T05:06:29","date_gmt":"2013-01-31T10:06:29","guid":{"rendered":"http:\/\/betanews.com\/?p=127383"},"modified":"2013-01-31T05:06:29","modified_gmt":"2013-01-31T10:06:29","slug":"scannow-for-universal-plug-and-play-warns-if-your-network-is-vulnerable-to-the-latest-security-flaws","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/640700","title":{"rendered":"ScanNow for Universal Plug and Play warns if your network is vulnerable to the latest security flaws"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-34007\" title=\"Security\" src=\"http:\/\/betanews.com\/wp-content\/uploads\/2011\/09\/shutterstock_24183556-300x225.jpg\" alt=\"\" width=\"300\" height=\"225\" \/>Rapid7 &#8212; the security company behind vulnerability scanner Metasploit &#8212; has released details on three security flaws affecting some Universal Plug and Play implementations. And their research indicates that 40 to 50 million IPs are vulnerable to at least one of those vulnerabilities, which <a title=\"Rapid7\" href=\"http:\/\/www.rapid7.com\/resources\/free-security-software-downloads\/universal-plug-and-play-jan-2013.jsp\" >the company says<\/a> is exposing users &#8220;to remote attacks that could result in the theft of sensitive information&#8221;.<\/p>\n<p>Could you be vulnerable? Fortunately Rapid7 has provided a free Windows-based tool, <a title=\"ScanNow for UPnP\" href=\"http:\/\/www.downloadcrew.com\/article\/29462-scannow_for_upnp\" >ScanNow for Universal Plug and Play<\/a>, to help you find out.<\/p>\n<p>The program is portable, as you\u2019d expect &#8212; no need for installation here. And it\u2019s relatively easy to use. After registering your use of the program by providing your email address, all you have to do is provide the IP range you\u2019d like to scan (ScanNow detects and provides sensible defaults) and then wait as it checks your network.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-127384\" title=\"Scannow\" src=\"http:\/\/betanews.com\/wp-content\/uploads\/2013\/01\/Scannow-300x260.png\" alt=\"\" width=\"300\" height=\"260\" \/>Once the process has finished you\u2019ll see the ScanNow report. This starts by detailing the vulnerabilities it\u2019s been looking for, so you\u2019ll need to scroll down to the more interesting &#8220;Overview of Results&#8221;, which will reveal the number of network devices detected and how many of these were flagged as &#8220;Exploitable&#8221;.<\/p>\n<p>And the &#8220;Result Details&#8221; section then lists which IP addresses have a detected device, and which of these appears to be vulnerable to the new security holes.<\/p>\n<p>If it turns out you have an exploitable device then don\u2019t panic just yet, it\u2019s not necessarily a total disaster. If the device can\u2019t be accessed from outside of your network, for instance, then it\u2019s not going to get hacked.<\/p>\n<p>When a device is facing the internet, though, you should definitely look at disabling its UPnP implementation. And arguably if you don\u2019t need the technology then it\u2019s a good idea to do this anyway (UPnP has had plenty of vulnerabilities discovered before, and we\u2019ve no doubt others will appear in the future). Check your hardware documentation for more details.<\/p>\n<p>And it may also be worth monitoring your network hardware manufacturer\u2019s websites over the next few days to pick up on any response. Right now, for instance, Cisco have posted a <a title=\"Cisco Security Advisory\" href=\"http:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20130129-upnp\" >Security Advisory<\/a> for Cisco products, and a <a title=\"Linksys Knowledge Base\" href=\"http:\/\/homekb.cisco.com\/Cisco2\/ukp.aspx?vw=1&amp;articleid=28341\" >Knowledge Base article<\/a> which details Linksys products known to be affected, and what to do about this. And we\u2019ve no doubt that further responses will be appearing very soon. <strong><\/strong><\/p>\n<p><strong>Photo credit:<\/strong> <a href=\"http:\/\/www.shutterstock.com\/gallery-54269p1.html\" >Andrea Danti<\/a>\/<a href=\"http:\/\/www.shutterstock.com\/\" >Shutterstock<\/a><\/p>\n<div class=\"feedflare\">\n<a href=\"http:\/\/feeds.betanews.com\/~ff\/bn?a=Vyr-WvBR00A:TNFb-QXJu40:qj6IDK7rITs\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/bn?d=qj6IDK7rITs\" border=\"0\"><\/img><\/a> <a href=\"http:\/\/feeds.betanews.com\/~ff\/bn?a=Vyr-WvBR00A:TNFb-QXJu40:yIl2AUoC8zA\"><img decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~ff\/bn?d=yIl2AUoC8zA\" border=\"0\"><\/img><\/a>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/feeds.feedburner.com\/~r\/bn\/~4\/Vyr-WvBR00A\" height=\"1\" width=\"1\"\/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rapid7 &#8212; the security company behind vulnerability scanner Metasploit &#8212; has released details on three security flaws affecting some Universal Plug and Play implementations. And their research indicates that 40 to 50 million IPs are vulnerable to at least one of those vulnerabilities, which the company says is exposing users &#8220;to remote attacks that could [&hellip;]<\/p>\n","protected":false},"author":7429,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-640700","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/640700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/7429"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=640700"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/640700\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=640700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=640700"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=640700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}