The Research Blog

• 30 Jun 2011

To the victor goes the gold, to the loser ...

HackFu is a cybersecurity challenge involving two complex technical puzzles set on a fictional "Hacker Island". The challenges require solving network forensics and signal interception problems to uncover hidden information. Participants were tasked with investigating a virtual treasure chest theft and decoding enemy communications using provided network captures.

• 18 May 2011

The Google Android Update Dilemma

The Android update process involves multiple parties including Google, device vendors, and carriers, creating a complex and fragmented security update mechanism. This multi-stage update chain introduces significant delays and vulnerabilities, as patches must pass through numerous intermediaries before reaching end-users. Google's recent update initiative fails to comprehensively address the fundamental security challenges in Android's update ecosystem.

• 20 Apr 2011

HackFu 2011 - The Countdown Continues

MWR's annual HackFu cybersecurity event is scheduled for early June with the theme "The Secret of Hacker Island". The event will feature a mysterious location and challenging competition, following the previous year's Cold War-themed event in a nuclear bunker. Special guest invitations have been sent out, with event details remaining confidential.

• 24 Dec 2010

Forensic Readiness: A Primer

Forensic readiness is a critical component of cybersecurity incident management. The article outlines six key strategies for organizations to prepare for potential security incidents, including accepting that incidents will occur, educating staff, maintaining flexible response plans, enabling communication, implementing robust logging, and dedicating appropriate budget and resources.

• 17 Nov 2010

A Postcard From Finland!

The article recounts the T2'10 security conference held in Helsinki, featuring technical presentations by MWR InfoSecurity researchers. Talks focused on mobile platform and smart card vulnerabilities, including live demonstrations of attacks on Google Android and Palm WebOS devices. The conference emphasized knowledge sharing and technical research in cybersecurity.

• Nils
• 18 Oct 2010

Building Android Sandcastles in Android's Sandbox

This paper examines Android's sandbox architecture and security vulnerabilities beyond traditional kernel-level exploits. The study shifts focus to analyzing systemic and third-party application security risks in the Android ecosystem. The research explores potential security weaknesses in Android's application isolation and sandbox implementation.

• 14 Sep 2010

A Reason to Visit Stockholm in September?

The SEC-T security conference in Stockholm showcased high-quality cybersecurity talks by MWR InfoSecurity. Presentations covered deployment solution risks, physical security penetration testing, and social engineering methodologies. The conference offered innovative and engaging presentations that provided deep insights into security testing techniques.

• 14 Sep 2010

Career Opportunities at MWR

MWR InfoSecurity is recruiting technical consultants for its Technical Consultancy Team. The company seeks professionals with strong information security skills to work on client projects and MWR Labs initiatives. Interested candidates are invited to submit their CV and covering letter to the recruitment email address.

• Martyn Ruks
• 14 Sep 2010

Middleware Risks: Guidance for IT Security Managers

A whitepaper examines risks associated with middleware technologies, specifically WebSphere MQ. The document provides guidance for IT security managers on assessing and addressing potential vulnerabilities in middleware systems. The goal is to help organizations better understand and mitigate middleware-related security risks.

• 2 Sep 2010

Assessing the Tux Strength: Part 2 - Into the Kernel

This article examines Linux kernel security features across different distributions. It analyzes memory protection mechanisms and randomization techniques using tools like paxtest. The research reveals varying levels of kernel-level security settings, with most distributions showing vulnerabilities to certain exploitation techniques. Gentoo with a PaX kernel demonstrated the most robust security settings.

• 16 Aug 2010

Recent Palm webOS Vulnerabilities - MWR InfoSecurity Clarification

MWR InfoSecurity identified two vulnerabilities in Palm WebOS in May 2010. One local service vulnerability was fixed in version 1.4.5, while a vCard parsing vulnerability remained unaddressed. The company aimed to highlight smartphone security risks through responsible disclosure.

• Martyn Ruks
• 13 Aug 2010

Banking Sector Security - Annual Research Review

MWR Labs published its annual research review focused on security technologies in the banking sector for 2010. The whitepaper provides insights into cybersecurity research conducted within financial services. The document aims to share findings and technological assessments from investigations during that year.