Showing Posts From

April 2014

Windows Phone 8 Application Security Slides Syscan 2014

MWR researchers Alex Plaskett and Nick Walker presented slides at Syscan 2014 analyzing Windows Phone 8 application security. The presentation covered novel vulnerabilities in mobile app development. Slides provide programmatic guidance for developers to improve Windows Phone 8 application security.

Windows Phone 8 Application Security Whitepaper Syscan 2014

A whitepaper on Windows Phone 8 application security was presented at Syscan 2014. The research identified common developer mistakes that introduce security vulnerabilities in Windows Phone 8 applications. The whitepaper provides guidance on detecting and mitigating specific application security weaknesses in the platform.

Laravel cookie forgery, decryption, and RCE

A critical vulnerability in Laravel's encryption API allowed attackers to forge session cookies and impersonate users. The flaw enabled potential remote code execution by exploiting weaknesses in MAC verification, IV handling, and PHP object deserialization. Attackers could manipulate cookies to authenticate as any user and potentially inject malicious code through serialized PHP objects.

WordPress auth cookie forgery

A vulnerability in WordPress's authentication cookie validation allows potential cookie forgery through PHP type juggling. The flaw enables attackers to bypass authentication by exploiting non-strict comparison methods in the cookie verification code. Two attack vectors were identified: MAC verification bypass and potential timing attacks to determine expected MAC values.

  • 8 Apr 2014

HackFu Challenge 2014

HackFu 2014 is a prestigious hacking event offering 10 invitations to cybersecurity professionals. The challenge involves solving puzzles and tracking down an enemy agent named Ilichy. Participants can win entry to a multi-day hacking competition in the UK, with potential prizes including event admission, accommodation, and travel support.