Security appliances are riddled with serious vulnerabilities, researcher says@ 2013/03/15
Most security appliances are poorly maintained Linux systems with insecure Web applications installed on them, according to Ben Williams, a penetration tester at NCC Group, who presented his findings Thursday at the Black Hat Europe 2013 security conference in Amsterdam. His talk was entitled, "Ironic Exploitation of Security Products."
Williams investigated products from some of the leading security vendors, including Symantec, Sophos, Trend Micro, Cisco, Barracuda, McAfee and Citrix. Some were analyzed as part of penetration tests, some as part of product evaluations for customers, and others in his spare time.