INSIGHTS | August 9, 2010

Atmel ATMEGA2560 Analysis (Blackhat follow-up)

At this years Blackhat USA briefings, the ATMEGA2560 was shown as an example of an unsecure vs. secure device.  We have received a few requests for more information on this research so here it goes…

The device did not even need to be stripped down because of designer lazyness back at Atmel HQ.  All we did was look for the metal plates we detailed back in our ATMEGA88 teardown last year and quickly deduced which outputs were the proper outputs in under 20 minutes.

Atmel likes to cover the AVR ‘important’ fuses with metal plating.  We assume to prevent the floating gate from getting hit with UV however the debunk to this theory is that UV will SET the fuses not clear them!

For those who must absolutely know how to unlock the device, just click on the, “Money Shot!”

INSIGHTS | August 7, 2010

Parallax Propeller P8X32A Quick Teardown

Parallax has a really neat 8 core 32 bit CPU called the ‘Propeller’.  It’s been out for a few years but it is gaining popularity.  There is no security with the device as it boots insecurely via a UART or I2C EEPROM.  None the less, we thought it was interesting to see an 8 core CPU decapsulated!

One can clearly see 8 columns that appear almost symmetric (except in the middle region).  The upper 8 squares are each ‘cogs’ 512 * 32 SRAMs as described in the manual.  The middle left 4 and right 4 squares are the ROM’s Parallax describes.  The 8 rectangular objects are the 32KB SRAM as described.  The 8 cores are basically the 8 columns above the middle ROM’s to include the 512 * 32 SRAMs because they describe each cog as having it’s own 512 * 32 SRAM :).

Last but not least is the logo by Parallax.  Nice job Parallax on this beast!  We have one favor-  implement some flash on the next generation with a security bit ;).

INSIGHTS | August 6, 2010

Echostar v NDS appellate court ruling update

Normally, I would not mix non-technical with the blog however I thought this deserved a little more attention that it has received.

The ruling which states that NDS has won the lawsuit, vindicates myself and puts Echostar owing NDS almost 18,000,000.00 USD has come down as of 2 days ago.

As well I thought it nice to mention that neither Flylogic nor myself works for/or with Echostar, Nagra, NDS or any other conditional access company in any way or form.

I wish all persons whom this lawsuit  effects the best (yes even you Charlie),

Christopher Tarnovsky

WHITEPAPER | July 1, 2010

Searching for Privacy: How to Protect Your Search Activity

This guide explains how to perform searches anonymously, protecting you from increasingly intrusive tracking and analysis by corporate and governmental organizations. (more…)

WHITEPAPER |

The Genie in the Market

The Android Market is an open and friendly variation on the app stores spreading across the mobile phone industry. These applications appear safe on the surface, but they exact a price for developer accessibility that is paid by unsuspecting Android consumers and vendors. This article discusses the threats presented by native libraries included by Android Market applications and covers how these vulnerabilities were exploited by the Unrevoked app to jailbreak the latest generation of Android phones.

(more…)

WHITEPAPER | May 30, 2010

Securing the Smart Grid: To Act Without Delay

This presentation, delivered at Infosecurity Europe by Joshua Pennell, discusses risks identified, research performed, and remediation efforts suggested around the Smart Grid and meters. (more…)

ADVISORIES | May 4, 2010

Authentication Bypass In Tranax Remote Management Software

Reported: 04.05.10. The Tranax Remote Management Software (RMS) allows for the administration of common Automated Teller Machine (ATM) tasks from a remote location.

To successfully authenticate to a remote ATM, both the serial number and the RMS password are required. An attacker can leverage an implementation flaw that occurs when verifying credentials to craft a request that bypasses all authentication measures. The attacker could then perform remote management tasks with invalid credentials.

The RMS interface is enabled, by default, on a typical ATM installation. (more…)

ADVISORIES | March 18, 2010

SQL Injection and Cross-site Scripting at www.courts.wa.gov

Discovered: 03.18.10. Reported: 03.23.10. The formID parameter at http://www.courts.wa.gov/forms/ is vulnerable to SQL injection. The searchTerms parameter at http://www.courts.wa.gov/search/index.cfm is vulnerable to cross-site scripting attacks. Exploiting these vulnerabilities would likely expose sensitive data and may result in compromise of the affected systems. (more…)

WHITEPAPER | March 1, 2010

Top Threats to Cloud Computing V1.0

The purpose of this document is to provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. In essence, this threat research document should be seen as a companion to “Security Guidance for Critical Areas in Cloud Computing.” As the first deliverable in the CSA’s Cloud Threat Initiative, this document will be updated regularly to reflect expert consensus on the probable threats that customers should be concerned about.

(more…)

ADVISORIES |

Multiple Vulnerabilities in Accoria Web Server

Discovered/Reported to Accoria: December 2008. Date Reported to US-Cert: March 1, 2010. The Accoria Web Server 1.4.7 for x86 Solaris exhibits multiple vulnerabilities, including cross-site scripting, directory traversal, and format string errors. (more…)