-
Martyn Ruks - 14 Sep 2010
Middleware Risks: Guidance for IT Security Managers
A whitepaper examines risks associated with middleware technologies, specifically WebSphere MQ. The document provides guidance for IT security managers on assessing and addressing potential vulnerabilities in middleware systems. The goal is to help organizations better understand and mitigate middleware-related security risks.
- 2 Sep 2010
Assessing the Tux Strength: Part 2 - Into the Kernel
This article examines Linux kernel security features across different distributions. It analyzes memory protection mechanisms and randomization techniques using tools like paxtest. The research reveals varying levels of kernel-level security settings, with most distributions showing vulnerabilities to certain exploitation techniques. Gentoo with a PaX kernel demonstrated the most robust security settings.
- 16 Aug 2010
Recent Palm webOS Vulnerabilities - MWR InfoSecurity Clarification
MWR InfoSecurity identified two vulnerabilities in Palm WebOS in May 2010. One local service vulnerability was fixed in version 1.4.5, while a vCard parsing vulnerability remained unaddressed. The company aimed to highlight smartphone security risks through responsible disclosure.
- Martyn Ruks
- 13 Aug 2010
Banking Sector Security - Annual Research Review
MWR Labs published its annual research review focused on security technologies in the banking sector for 2010. The whitepaper provides insights into cybersecurity research conducted within financial services. The document aims to share findings and technological assessments from investigations during that year.
- 16 Jul 2010
Just Arrived! - Max Pwnage
MWR Labs released Max Pwnage trading cards highlighting significant computer security vulnerabilities from the past 30 years. The cards are available to clients and conference attendees at multiple cybersecurity events in 2010. Max Pwnage is a fictional character representing the discovery and exploitation of computer system vulnerabilities.
- 7 Jul 2010
Palm webOS 1.4.5 fixes security issue found by MWR InfoSecurity
Palm released webOS version 1.4.5 to address a security vulnerability discovered by MWR InfoSecurity. A detailed advisory will be published after most devices have been updated. The update is being distributed by mobile carriers.
- 2 Jun 2010
Brave New 64-Bit World
The whitepaper examines the transition from 32-bit to 64-bit computing architectures driven by increasing memory requirements. It explores potential security implications that arise when software is ported to 64-bit systems. The document highlights unexpected challenges that emerge during this technological shift.
- 2 Jun 2010
Journey to the Centre of the Breach
This whitepaper explores computer forensics techniques for investigating a server security breach. It details a case study of an FTP server incident, demonstrating how digital forensic methods can be applied to log file analysis and malware reverse engineering. The document highlights the broader application of forensic investigation techniques beyond law enforcement.
- 30 Mar 2010
CanSecWest 2010
CanSecWest 2010 was a cybersecurity conference featuring notable security research presentations and the Pwn2Own hacking contest. Presentations covered diverse topics including collaborative reverse engineering, fuzzing techniques, kernel vulnerabilities, and wireless device security. The Pwn2Own contest demonstrated successful exploits across multiple web browsers and mobile platforms.
- 8 Mar 2010
Video: How To Be An RSol: Effective Bug Hunting in Solaris - ShmooCon 2010
A video from ShmooCon 2010 presents a Ruby-based Solaris debugging library. The presentation includes a video and slides discussing the library and its proof-of-concept tools. Materials from the talk are available online for review.
- 5 Mar 2010
Presentation: ShmooCon 2010 - How To Be An RSol: Effective Bug Hunting in Solaris
Matt Hillman presented a research talk at ShmooCon 2010 about Solaris bug hunting techniques. The presentation demonstrated a Ruby-based debugging interface for Solaris that enables advanced software testing methods. The tool supports fault monitoring, code coverage, run tracing, code profiling, and fault injection.
- 25 Jan 2010
Aurora and Web Browser Security
A technical analysis of web browser security in 2010 revealed significant Address Space Layout Randomization (ASLR) vulnerabilities across major browsers. The study compared default installations of Internet Explorer, Firefox, Opera, Safari, and Chrome on Windows 7, highlighting inconsistent implementation of security mitigation techniques. Market share and exploit complexity were identified as key factors in browser security risks.