Few posts lately. Been busy with travel & research work on the side.
Posted a new Moxa MiiNePort advisory today. It's been 5 months that I reported it to vendor via CERT team. And Moxa came back finally saying they will fix stuff in August. Same goes with other vendors. Heck, some of the vendors take weeks to reply back.
RFD is the right way to disclose security flaws, and CERT guys are super helpful, but just a few vendors seem to take it seriously, and handle RFD communication professionally & responsibly. Sucks!
Anyhow, watch the space on for 5-6 freshly baked, 0-day advisories & 1 new Metasploit auxiliary module, coming up soon. I have already shared some of those with CERT/ICS-CERT, & as for others, giving a thought. I'll probably start releasing them soon and not wait on vendors for months.
It'd be cool to release those at some conference.! If you have any suggestions, drop in a comment.