Hi guys! We’re less than a week away from #HITB2012AMS and we’re super excited to welcome you there!
Tuesday, May 15, 2012
Thursday, May 3, 2012
Enter the Dragon(Book), Pt 2
Nobody has been able to find this backdoor to date (one reason I’m talking about it).
Wednesday, April 25, 2012
Thoughts on AppSecDC 2012
The first week of April brought another edition of AppSecDC to Washington, D.C., but this year people from two different worlds came to the same conference: Web security and Industrial Control Systems security. Of course, at the device level this convergence happened a long time ago if we take into account that almost every modern PLC includes at least a web server, among other things.
Thursday, April 12, 2012
TLS Renegotiation and Load Balancers
I seem to be fielding more and more questions of late around the rather well-known SSLv3 and TLS renegotiation flaw. For those who aren’t familiar, the TLS renegotiation flaw allows the injection of data into an SSLv3 or TLS stream, potentially causing data injection or the program to misbehave in some other fashion. It is not a full man-in-the-middle attack because the attacker can't read what's in the data stream, only inject into it. Ultimately, this is a protocol flaw—one that's been fixed as an extension to TLS as dictated by RFC 5746—but adoption in SSL libraries has been relatively slow.
Wednesday, April 4, 2012
Hackito Ergo Sum: Not Just Another Conference
My name is Jonathan Brossard, but you may know me under the nick Endrazine. Or maybe as the CEO of Toucan System. Never mind: I'm a hacker. Probably like yourself, if you're reading this blog post. Along with my friends Matthieu Suiche and Philippe Langlois—with the invaluable help of a large community worldwide—we're trying to build a conference like no other: Hackito Ergo Sum.
Monday, March 12, 2012
Hackito Ergo Sum 2012
This short post is to invite you to an excellent conference: Hackito Ergo Sum 2012. I will be presenting Easy Local Windows Kernel Exploitation, and we have some free tickets to give away, so email ASAP to info@ioactive.com asking for them. See you there!
Tuesday, March 6, 2012
Enter the Dragon(Book), Part 1
This is a fairly large topic; I’ve summarized and written in a somewhat narrative/blog friendly way here.
A few years ago I was reading a blog about STL memory allocators (http://blogs.msdn.com/b/vcblog/archive/2008/08/28/the-mallocator.aspx). Memory allocators being a source of extreme security risk, I took the author’s statement, “I've carefully implemented all of the integer overflow checks and so forth that would be required in real production code.” as a bit of a challenge.
Labels: backdoorhiding, Compiler “exploits”, defcon, ioactive, ioactive labs, shane macauley, specification exploitation, underhanded c
