Showing Posts About

• 3 Dec 2009

DeepSec 2009 - Weapons of Mass Pwnage: Attacking Deployment Solutions

A presentation at DeepSec 2009 in Vienna explored security vulnerabilities in Symantec's Altiris Deployment Solution. Luke Jennings discussed potential weaknesses in enterprise deployment technologies. Presentation slides were made available to conference attendees.

• 3 Dec 2009

DeepSec 2009

DeepSec 2009 was a security conference in Vienna featuring diverse cybersecurity presentations. Talks covered topics including wireless keyboard sniffing, GSM encryption vulnerabilities, virtual machine rootkit detection, and browser attack surfaces. The conference provided insights into emerging security research and potential system vulnerabilities across various technological domains.

• Luke Jennings
• 3 Dec 2009

Weapons of Mass Pwnage: Attacking Deployment Solutions - DeepSec 2009

A presentation at DeepSec 2009 explored security vulnerabilities in Symantec's Altiris Deployment Solution. The talk by Luke Jennings examined potential weaknesses in enterprise deployment technologies. Presentation slides are available for download from the original source.

• 17 Nov 2009

Singing the Mainframe Security Blues?

This article explores the security challenges of legacy network protocols, particularly Systems Network Architecture (SNA), in enterprise environments. It emphasizes the critical importance of understanding network technologies beyond IP to effectively assess and mitigate security risks. The key message is that comprehensive network security requires deep knowledge of all protocols in use, not just modern IP-based technologies.

• Rafael Dominguez Vega
• 29 Oct 2009

USB Attacks: Fun with Plug and 0wn - T2'09

A presentation on USB attack techniques was given by Rafael Dominguez Vega at T2'09 in Helsinki, Finland. The presentation explored vulnerabilities related to USB attacks. Accompanying slides and an advisory were released detailing the research findings.

• 7 Sep 2009

Attacking Altiris at DeepSec '09

Luke Jennings will present research on vulnerabilities in Symantec's Altiris Deployment Solution at DeepSec '09 in Vienna. The presentation will focus on security issues in deployment technologies. Cybersecurity professionals interested in deployment solution security are encouraged to attend the conference.

• 1 Sep 2009

USB Research to be Presented at t2'09

A USB security research presentation will be given at T2 in Finland, focusing on attack methods and vulnerabilities in USB drivers. The talk will explore potential security risks associated with malicious USB devices and techniques for identifying and exploiting driver vulnerabilities. The presentation follows previous research presented at Defcon 17.

• 7 Aug 2009

Defcon 17

DefCon 17 featured technical talks covering diverse cybersecurity topics including wireless sensor exploitation, USB security vulnerabilities, and router hacking. Presentations explored critical security issues such as extracting encryption keys, inline hooking techniques, and vulnerability disclosure strategies. The conference highlighted emerging research on hardware and software vulnerabilities across technological domains.

• Rafael Dominguez Vega
• 4 Aug 2009

Fun with Plug & 0wn

Rafael Dominguez Vega presented USB security research at Defcon 17 in Las Vegas on August 2nd, 2009. The presentation materials discussing USB security vulnerabilities are available for download. The talk focused on research findings related to USB security.

• 4 Jun 2009

EuSecWest 2009 Run Down

EuSecWest 2009 featured technical presentations on cybersecurity vulnerabilities and attack techniques across multiple domains. Talks covered Microsoft exploit mitigations, PCI bus attacks, Trusted Computing vulnerabilities, iPhone security exploits, and Firefox extension risks. The conference provided insights into emerging cybersecurity research and potential system vulnerabilities.

• John Fitzpatrick
• 7 May 2009

HashCookies - A Simple Recipe

HashCookies is a session security technique that uses random salt and hashing to generate browser-specific session cookies. The method prevents session hijacking by making stolen session IDs unusable without the original salt. Implementation requires support from both web browsers and web servers to generate secure, context-specific session identifiers.

• 13 Mar 2009

Have you got bad timing?

Timing attacks exploit variations in system response times to extract sensitive information. A specific example involving Citrix Access Gateway revealed that authentication attempts with valid Active Directory usernames took slightly longer to return failed login messages. This timing difference could potentially allow attackers to identify valid usernames and assist in password guessing attempts.