RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Disclosures | ADVISORIES | February 4, 2009

Pointer Dereference in OpenSolaris

Reported: 09.29.08. Disclosed: 02.04.09. Patched: 02.05.09. The OpenSolaris kernel exhibits a vulnerability around a userland pointer dereference, and allows both reading from and writing to the kernel.

Launch PDF
Ilja van Sprundel
Blogs | INSIGHTS | January 13, 2009

Blackhat USA 2009 Poll – Rev Eng Class

During last years Blackhat and Defcon conferences, several individuals asked me about possibly giving classes on the security model of commonly found microcontrollers.  Jeff Moss’ group setup a poll here.  Given today’s Silicon technology has become so small yet so large, it would be best to determine which architecture and which devices everyone is most interested in.  The current poll will determine which brand micro to target (Atmel AVR or Microchip PIC) and after this is decided, we will need more input to narrow the…

IOActive
Blogs | RESEARCH | January 8, 2009

Intel 4004

Before going deeper into the analysis of today’s chips, we will take a quick journey to where it all began: the Intel 4004, world’s first widely-used microprocessor. The 4004 and most other antiquated chips differ from modern chips in two main characteristics: They only use a single type of transistor (PMOS or NMOS) and each logic gate is custom-designed to best utilize the available area — an inevitable optimization for chips built from transistors about 150x larger than those used in their modern descendants. Each of the gates is composed…

IOActive
Library | WHITEPAPER | December 31, 2008

Updated PCI Standards: Flexibility, Clarity and Common Sense 2.0

The Payment Card Industry Data Security Standards (PCI DSS) are a set of 12 requirements that merchants and their business partners are expected to follow to ensure the safety of cardholder data. Authored by the PCI Security Standards Council-an independent consortium of representatives from the major credit card brands-the PCI DSS covers data management, information technology, encryption, physical security, legal agreements, and business operations. When these standards were updated from version 1.1 to version 1.2, 30 changes were introduced to the existing requirements.

Launch PDF
IOActive
Disclosures | ADVISORIES | October 31, 2008

QNX ker_msg_sendv System Call Integer Overflow

Discovered: 10.30.08. Reported: 10.30.08. Disclosed: 10.31.08. QNX’s ker_msg_sendv() system call contains an integer overflow that could lead to heap corruption and, if correctly exploited, system compromise. If only partially exploited, this could lead to denial-of-service conditions and kernel panic, effectively shutting down the system.

Launch PDF
Ilja van Sprundel
Disclosures | ADVISORIES | October 21, 2008

DNS TXT Record Parsing Bug in LibSPF2

Reported: 10.20.08. Disclosed: 10.21.08. Researchers discovered a relatively common bug that parses TXT records delivered over DNS-dating back at least to 2002 in Sendmail 8.2.0 and almost certainly much earlier-in LibSPF2. This library retrieves Sender Policy Framework (SPF) records and applies policy according to those records. This implementation flaw allows for relatively flexible memory corruption and should be treated as a path to anonymous remote code execution.

Launch PDF
Dan Kaminsky
Disclosures | ADVISORIES | September 30, 2008

Diskimages-helper band-size Vulnerability

Reported to Vendor: 09.30.08. Patch Released: 04.29.09. CVE ID: CVE-2009-0150. A signed-to-unsigned conversion flaw exists in diskimages-helper when it reads the band-size parameter. When the value specified for the band-size key is changed to a negative number, the diskimages-helper process crashes when the user attempts to log in.

Launch PDF
Tiller Beauchamp
Blogs | INSIGHTS | September 13, 2008

Reverse-Engineering Custom Logic (Part 1)

Today we are taking you one step deeper into a microchip than we usually go. We look at transistors and the logic functions they compose, which helps us understand custom ASICs now found in some secured processors. To reverse-engineer the secret functionality of an ASIC, we identify logic blocks, map out the wiring between the blocks, and reconstruct the circuit diagram. Today, we’ll only be looking at the first step: reading logic. And we start with the easiest example of a logic function: the inverter. To read logic, you first…

IOActive
Blogs | INSIGHTS |

New author- Herr Karsten Nohl!

We are proud to announce that those who enjoy reading the blog (which we apologize for the lack of content lately) can soon enjoy reading posts from Karsten Nohl as well. For those of you who are not familiar with Karsten, he played an important role in the discovery and analysis of the Crypto-1 mathematical algorithm found in Philips (NXP) Mifare RFID devices. He recently obtained his PhD from University of Virginia in the United States.   He’s well known within the Chaos Computer Club (CCC) in Germany as well. We too…

IOActive
Disclosures | ADVISORIES | August 5, 2008

Multiple Vulnerabilities in Apple’s MobileMe Service

Reported: 08.05.08. Patched: 11.06.08 Disclosed: 11.20.08. Apple’s MobileMe (me.com) web service contains several serious security vulnerabilities. The most critical vulnerability combines cross-site request forgery and cross-site scripting, and allows an attacker to access the service without a valid password.

Launch PDF
Richard van Eeden & Ilja van Sprundel

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)