PCI DSS and Security Breaches
Every time an organization suffers a security breach and cardholder data is compromised, people question the effectiveness of the Payment Card Industry Data Security Standard (PCI DSS). Blaming PCI DSS for the handful of companies that are breached every year shows a lack of understanding of the standard’s role. Two major misconceptions are responsible for this. First, PCI DSS is a compliance standard. An organization can be compliant today and not tomorrow. It can be compliant when an assessment is taking place and noncompliant the minute the assessment is…
INTERNET-of-THREATS
At IOActive Labs, I have the privilege of being part of a great team with some of the world’s best hackers. I also have access to really cool research on different technologies that uncovers security problems affecting widely used hardware and software. This gives me a solid understanding of the state of security for many different software and hardware devices, not just opinions based on theories and real life experience. Currently, the term Internet-of-Things (IoT) is becoming a buzzword used in the media, announcements from hardware device manufacturers, etc….
The password is irrelevant too
In this follow up to a blog post on the Scalance-X200 series switches, we look at an authentication bypass vulnerability. It isn’t particularly complicated, but it does allow us to download configuration files, log files, and a firmware image. It can also be used to upload configuration and firmware images, which causes the device to reboot. The code can be found in IOActive Labs github repository. If an attacker has access to a configuration file with a known password, they can use this code to update the…
An Equity Investor’s Due Diligence
Information technology companies constitute the core of many investment portfolios nowadays. With so many new startups popping up and some highly visible IPO’s and acquisitions by public companies egging things on, many investors are clamoring for a piece of the action and looking for new ways to rapidly qualify or disqualify an investment ; particularly so when it comes to hottest of hot investment areas – information security companies. Over the years I’ve found myself working with a number of private equity investment firms – helping them to review the…
The password is irrelevant
This story begins with a few merry and good hearted tweets from S4x13. These tweets in fact: Notice the shared conviviality, and the jolly manner in which this discussion of vulnerabilities occurs. It is with this same lightness in my heart that I thought I would explore the mysterious world of the. So I waxed my moustache, rolled up my sleeves, and began to use the arcane powers of Quality Assurance. Ok, how would an attacker who…
Practical and cheap cyberwar (cyber-warfare): Part II
Disclaimer: I did not perform any illegal attacks on the mentioned websites in order to get the information I present here. No vulnerability was exploited on the websites, and they are not known to be vulnerable. Given that we live in an age of information leakage where government surveillance and espionage abound, I decided in this second part to focus on a simple technique for information gathering on human targets. If an attacker is targeting a specific country, members of the military and defense contractors would make good human…
A Short Tale About executable_stack in elf_read_implies_exec() in the Linux Kernel
This is a short and basic analysis I did when I was uncertain about code execution in the data memory segment. Later on, I describe what’s happening in the kernel side as well as what seems to be a small logic bug. I’m not a kernel hacker/developer/ninja; I’m just a Linux user trying to figure out the reason of this behavior by looking in key places such as the ELF loader and other related functions. So, if you see any mistakes or you realize that I approached this in a…
heapLib 2.0
Hi everyone, as promised I’m releasing my code for heapLib2. For those of you not familiar, I introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Much of this work is based on Alex Sotirov’s research from quite a few years ago (http://www.phreedom.org/research/heap-feng-shui/). The zip file contains: heapLib2.js => The JavaScript library that needs to be imported to use heapLib2 heapLib2_test.html => Example usage of some of the functionality that is available in heapLib2 html_spray.py => A Python script…
Hacking a counterfeit money detector for fun and non-profit
In Spain we have a saying “Hecha la ley, hecha la trampa” which basically means there will always be a way to circumvent a restriction. In fact, that is pretty much what hacking is all about. It seems the idea of ‘counterfeiting’ appeared at the same time as legitimate money. The Wikipedia page for Counterfeit money is a fascinating read that helps explain its effects. http://en.wikipedia.org/wiki/Counterfeit_money Nowadays every physical currency implements security measures to prevent counterfeiting. Some counterfeits can be detected with a naked eye,…
NCSAM – Lucas Apa explains the effects of games cheating, 3D modeling, and psychedelic trance music on IT security
I got involved with computers in 1994 when I was six years old. I played games for some years without even thinking about working in the security field. My first contact with the security field was when I started to create “trainers” to cheat on games by manipulating their memory. This led me to find many tutorials related to assembly and cracking in 2001, when my security research began. The thin line of legality at that time was blurred by actions not considered illegal. This allowed an explosion…