-
Alex Plaskett - 10 Nov 2011
Windows Pwn 7 OEM - Owned Every Mobile?
Alex Plaskett presented research on Windows Phone 7 security vulnerabilities at multiple cybersecurity conferences. The presentation explored the Windows Phone 7 security model and potential system weaknesses. Technical findings and exploitation techniques were demonstrated during the talks.
- 4 Nov 2011
A taste of Finland - T2 2011
T2 2011 was an intimate Finnish cybersecurity conference featuring technical talks from industry experts. The event covered diverse topics including cyber terrorism, botnet disruption, and emerging security research. Speakers presented innovative technical insights across areas like mobile security, firmware extraction, and cyber threat analysis.
- 14 Jul 2011
USB Fuzzing for the Masses
This article explores USB fuzzing techniques for discovering vulnerabilities in device drivers across different platforms. Multiple approaches to USB fuzzing are discussed, including virtualized fuzzing using Qemu and hardware-based fuzzing methods. The research highlights potential security risks in USB device driver implementations, demonstrating techniques for crash debugging and vulnerability exploitation.
- 7 Jul 2011
Debuggable Apps in Android Market
A security analysis of Android applications revealed that approximately 5% of popular free apps are shipped with debugging enabled. Debuggable applications can be exploited by malicious apps to establish a JDWP connection and gain full access to the Java process. Developers are advised to disable debugging before shipping applications to prevent potential security risks.
- 30 Jun 2011
To the victor goes the gold, to the loser ...
HackFu is a cybersecurity challenge involving two complex technical puzzles set on a fictional "Hacker Island". The challenges require solving network forensics and signal interception problems to uncover hidden information. Participants were tasked with investigating a virtual treasure chest theft and decoding enemy communications using provided network captures.
- 18 May 2011
The Google Android Update Dilemma
The Android update process involves multiple parties including Google, device vendors, and carriers, creating a complex and fragmented security update mechanism. This multi-stage update chain introduces significant delays and vulnerabilities, as patches must pass through numerous intermediaries before reaching end-users. Google's recent update initiative fails to comprehensively address the fundamental security challenges in Android's update ecosystem.
- 20 Apr 2011
HackFu 2011 - The Countdown Continues
MWR's annual HackFu cybersecurity event is scheduled for early June with the theme "The Secret of Hacker Island". The event will feature a mysterious location and challenging competition, following the previous year's Cold War-themed event in a nuclear bunker. Special guest invitations have been sent out, with event details remaining confidential.
- 24 Dec 2010
Forensic Readiness: A Primer
Forensic readiness is a critical component of cybersecurity incident management. The article outlines six key strategies for organizations to prepare for potential security incidents, including accepting that incidents will occur, educating staff, maintaining flexible response plans, enabling communication, implementing robust logging, and dedicating appropriate budget and resources.
- 17 Nov 2010
A Postcard From Finland!
The article recounts the T2'10 security conference held in Helsinki, featuring technical presentations by MWR InfoSecurity researchers. Talks focused on mobile platform and smart card vulnerabilities, including live demonstrations of attacks on Google Android and Palm WebOS devices. The conference emphasized knowledge sharing and technical research in cybersecurity.
- 18 Oct 2010
Building Android Sandcastles in Android's Sandbox
This paper examines Android's sandbox architecture and security vulnerabilities beyond traditional kernel-level exploits. The study shifts focus to analyzing systemic and third-party application security risks in the Android ecosystem. The research explores potential security weaknesses in Android's application isolation and sandbox implementation.
- 14 Sep 2010
A Reason to Visit Stockholm in September?
The SEC-T security conference in Stockholm showcased high-quality cybersecurity talks by MWR InfoSecurity. Presentations covered deployment solution risks, physical security penetration testing, and social engineering methodologies. The conference offered innovative and engaging presentations that provided deep insights into security testing techniques.
- 14 Sep 2010
Career Opportunities at MWR
MWR InfoSecurity is recruiting technical consultants for its Technical Consultancy Team. The company seeks professionals with strong information security skills to work on client projects and MWR Labs initiatives. Interested candidates are invited to submit their CV and covering letter to the recruitment email address.