RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Library | WHITEPAPER | July 1, 2009

A Risk-based Approach to Determining ESPs and CCAs

To mitigate the possibility of one computer virus crippling an entire region’s transportation, emergency services, and power, the North American Electric Reliability Council (NERC) Critical Infrastructure Protection Standards (CIPS) requirements 002-009 describe the cyber security standards with which bulk electric power providers must comply. As part of this compliance effort, power providers must identify their Critical Cyber Assets (CCA) and applicable corresponding Electronic Security Perimeters (ESP). This document provides a detailed methodology for determining ESPs and CCAs.

Launch PDF
IOActive
Library | WHITEPAPER |

Black Ops of PKI Black Hat USA 2009

Research unveiled in December of 2008 showed how MD5’s long-known flaws could be actively exploited to attack the real-world Certification Authority infrastructure. This August 2009 presentation demonstrates two new collision classes: the applicability of MD2 pre-image attacks against the primary root certificate for VeriSign and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests. It also calls out two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parse PKCS#10 and the potential for SQL injection from text…

Launch PDF
Dan Kaminsky
Library | WHITEPAPER | December 31, 2008

Updated PCI Standards: Flexibility, Clarity and Common Sense 2.0

The Payment Card Industry Data Security Standards (PCI DSS) are a set of 12 requirements that merchants and their business partners are expected to follow to ensure the safety of cardholder data. Authored by the PCI Security Standards Council-an independent consortium of representatives from the major credit card brands-the PCI DSS covers data management, information technology, encryption, physical security, legal agreements, and business operations. When these standards were updated from version 1.1 to version 1.2, 30 changes were introduced to the existing requirements.

Launch PDF
IOActive

Biometric Security: Facial Recognition Testing

IOActive has conducted extensive research and testing of facial recognition systems on commercial mobile devices. Our testing included setups for 2D- and 3D-based algorithms, including technologies using stereo IR cameras. Discovering the underlying algorithms to find setups to bypass them, then calculating the Spoof Acceptance Rate (SAR).

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)IOACTIVE SERVICES OVERVIEW (PDF)


IOACTIVE ARCHIVED WEBINARS