RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Library | WHITEPAPER | July 1, 2009

A Risk-based Approach to Determining ESPs and CCAs

To mitigate the possibility of one computer virus crippling an entire region’s transportation, emergency services, and power, the North American Electric Reliability Council (NERC) Critical Infrastructure Protection Standards (CIPS) requirements 002-009 describe the cyber security standards with which bulk electric power providers must comply. As part of this compliance effort, power providers must identify their Critical Cyber Assets (CCA) and applicable corresponding Electronic Security Perimeters (ESP). This document provides a detailed methodology for determining ESPs and CCAs.

Launch PDF
IOActive
Library | WHITEPAPER |

Black Ops of PKI Black Hat USA 2009

Research unveiled in December of 2008 showed how MD5’s long-known flaws could be actively exploited to attack the real-world Certification Authority infrastructure. This August 2009 presentation demonstrates two new collision classes: the applicability of MD2 pre-image attacks against the primary root certificate for VeriSign and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests. It also calls out two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parse PKCS#10 and the potential for SQL injection from text…

Launch PDF
Dan Kaminsky
Disclosures | ADVISORIES | June 9, 2009

Recursive Stack Overflow in ClamAV

Reported: 10.30.08. Patched: 12.01.08. Disclosed: 06.09.0. ClamAV’s JPEG parser contains code that recursively checks thumbnails, if they are included. Since the thumbnails can be JPEGs, there is no limit to the amount of recursions that can occur. This can lead to stack overflows.

Launch PDF
Ilja van Sprundel
Disclosures | ADVISORIES | June 8, 2009

Heap Corruption in Tor

Discovered: January 2009. Reported: 01.20.09. Disclosed: 06.08.09. There is a potential heap corruption bug in Tor when escaping data for logging purposes. Only certain deployments are vulnerable, and the bug can be triggered only from certain locales.

Launch PDF
Ilja van Sprundel
Disclosures | ADVISORIES | March 3, 2009

AppleTalk Response Packet Parsing Array Over-indexing Vulnerability

Discovered: 03.03.09. Reported: 03.03.09. Disclosed: 08.05.09. CVE-ID: CVE-2009-2193. The Mac OS X AppleTalk stack contains an array over-indexing vulnerability that, if exploited correctly while AppleTalk is powered on, could lead to a remote system compromise. Even if only partially exploited, it could lead to denial-of-service conditions and cause a kernel panic remotely, effectively shutting down the system.

Launch PDF
Ilja van Sprundel
Disclosures | ADVISORIES | February 4, 2009

Pointer Dereference in OpenSolaris

Reported: 09.29.08. Disclosed: 02.04.09. Patched: 02.05.09. The OpenSolaris kernel exhibits a vulnerability around a userland pointer dereference, and allows both reading from and writing to the kernel.

Launch PDF
Ilja van Sprundel
Blogs | INSIGHTS | January 13, 2009

Blackhat USA 2009 Poll – Rev Eng Class

During last years Blackhat and Defcon conferences, several individuals asked me about possibly giving classes on the security model of commonly found microcontrollers.  Jeff Moss’ group setup a poll here.  Given today’s Silicon technology has become so small yet so large, it would be best to determine which architecture and which devices everyone is most interested in.  The current poll will determine which brand micro to target (Atmel AVR or Microchip PIC) and after this is decided, we will need more input to narrow the…

IOActive
Blogs | RESEARCH | January 8, 2009

Intel 4004

Before going deeper into the analysis of today’s chips, we will take a quick journey to where it all began: the Intel 4004, world’s first widely-used microprocessor. The 4004 and most other antiquated chips differ from modern chips in two main characteristics: They only use a single type of transistor (PMOS or NMOS) and each logic gate is custom-designed to best utilize the available area — an inevitable optimization for chips built from transistors about 150x larger than those used in their modern descendants. Each of the gates is composed…

IOActive
Library | WHITEPAPER | December 31, 2008

Updated PCI Standards: Flexibility, Clarity and Common Sense 2.0

The Payment Card Industry Data Security Standards (PCI DSS) are a set of 12 requirements that merchants and their business partners are expected to follow to ensure the safety of cardholder data. Authored by the PCI Security Standards Council-an independent consortium of representatives from the major credit card brands-the PCI DSS covers data management, information technology, encryption, physical security, legal agreements, and business operations. When these standards were updated from version 1.1 to version 1.2, 30 changes were introduced to the existing requirements.

Launch PDF
IOActive
Disclosures | ADVISORIES | October 31, 2008

QNX ker_msg_sendv System Call Integer Overflow

Discovered: 10.30.08. Reported: 10.30.08. Disclosed: 10.31.08. QNX’s ker_msg_sendv() system call contains an integer overflow that could lead to heap corruption and, if correctly exploited, system compromise. If only partially exploited, this could lead to denial-of-service conditions and kernel panic, effectively shutting down the system.

Launch PDF
Ilja van Sprundel

Thoughts on Supply Chain Integrity

In this video presentation, John Sheehy, VP, Sales and Strategy at IOActive, shares his comprehensive view on the myriad considerations facing business as they undertake supply chain integrity assessments, focused on securing operations.

ACCESS THE VIDEO


IOACTIVE CORPORATE OVERVIEW (PDF)