RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | February 14, 2010

Infineon / ST Mesh Comparison

Given all the recent exposure from our Infineon research, we have had numerous requests regarding the ST mesh architecture and how Infineon’s design compares to the ST implementation. Both devices are built on a 4-metal, ~140 nanometer process. Rather than have us tell you who we think is stronger (it’s pretty obvious), we’d like to see your comments on what you, the readers, think! The Infineon mesh consists of 5 zones with 4 circuits per zone. This means the surface of the die is covered by 20 different electrical circuits. The ST mesh…

IOActive
Blogs | INSIGHTS | February 12, 2010

We are now on Twitter too!

We probably should have been tweeting (sic?) for some time now but we are finally doing it! You can join/follow us here: http://twitter.com/semiconduktor As well, you can always get to Flylogic through Semiconduktor.com or Semiconduktor.net :).

Disclosures | ADVISORIES | January 5, 2010

Mach Exception Handling Privilege Escalation

Discovered: 01.05.10. Mach exception handling suffers from a vulnerability that allows an attacker to gain access to the memory of a suid process (set user identifier). Due to a vulnerability that is similar to CVE-2006-4392 (found by Dino Dai Zovi of Matasano Security), it is possible for a suid process to inherit the Mach exception ports of the parent.

Richard van Eeden
Blogs | INSIGHTS | December 5, 2009

Volunteers to help clean up WordPress problems?

Whenever the blog is enabled, spammers are able to deface the main page's index.html file, replacing it with hundreds of spam links to software. The only way we can stop it is to stop the blog. We’ve tried cleaning the blog up but they still get in somehow through WordPress :(. If you think you can help us, please email tech at flylogic.net. Thanks!

IOActive
Library | WHITEPAPER | December 1, 2009

Security Guidance for Critical Areas of Focus in Cloud Computing

What follows is our initial report, outlining areas of concern and guidance for organizations adopting cloud computing. The intention is to provide security practitioners with a comprehensive roadmap for being proactive in developing positive and secure relationships with cloud providers. Much of this guidance is also quite relevant to the cloud provider to improve the quality and security of their service offerings. As with any initial foray, there certainly will be guidance that we can improve, and we will likely modify the number of domains and change the focus of…

IOActive
Disclosures | ADVISORIES | October 13, 2009

Microsoft Windows CryptoAPI X.509 Spoofing Vulnerability

Release Date: 10.13.09. VUPEN ID: VUPEN/ADV-2009-2891. CVE ID: CVE-2009-2510, CVE-2009-2511. Researchers identified two vulnerabilities in Microsoft Windows relating to the use of X.509 certificates. Attackers could exploit these to bypass security restrictions.

Dan Kaminsky, Ian Wright & Jean-Luc Giraud
Library | WHITEPAPER | October 1, 2009

Exploitation in the ’New’ WIN32 Environment

With the release of Windows XP SP2 and Windows 2003, Win32 auditing, exploitation and research became far more complex. Data Execution Protection, a host of new security measures within the compilers, and the .NET Framework’s implications on development as a whole all signaled the end of “simple” core system exploits. This paper focuses on these architecture changes, which were made to prevent exploitation of Win32 processes, and how to break them. It reiterates what the author learned about general Win32 exploitation and provides detailed techniques to evade stack protections in Windows XP…

Walter Pearce
Disclosures | ADVISORIES | July 19, 2009

doc.export* Methods Allow Arbitrary File Creation

Discovered: 07.13.09. Several JavaScript methods of the Document Object do not honor the Privileged Context and Safe Path settings. IOActive was able to execute certain privileged JavaScript methods that can be used to create arbitrary files and folders on a targeted file system.

IOActive
Library | WHITEPAPER | July 1, 2009

A Risk-based Approach to Determining ESPs and CCAs

To mitigate the possibility of one computer virus crippling an entire region’s transportation, emergency services, and power, the North American Electric Reliability Council (NERC) Critical Infrastructure Protection Standards (CIPS) requirements 002-009 describe the cyber security standards with which bulk electric power providers must comply. As part of this compliance effort, power providers must identify their Critical Cyber Assets (CCA) and applicable corresponding Electronic Security Perimeters (ESP). This document provides a detailed methodology for determining ESPs and CCAs.

IOActive
Library | WHITEPAPER | July 1, 2009

Black Ops of PKI Black Hat USA 2009

Research unveiled in December of 2008 showed how MD5’s long-known flaws could be actively exploited to attack the real-world Certification Authority infrastructure. This August 2009 presentation demonstrates two new collision classes: the applicability of MD2 pre-image attacks against the primary root certificate for VeriSign and the difficulty of validating X.509 Names contained within PKCS#10 Certificate Requests. It also calls out two possibly unrecognized vectors for implementation flaws that have been problematic in the past: the ASN.1 BER decoder required to parse PKCS#10 and the potential for SQL injection from text…

Dan Kaminsky

Commonalities in Vehicle Vulnerabilities

2022 Decade Examination Update | With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance as it relates to road user safety. IOActive has amassed over a decade of real-world vulnerability data illustrating the issues and potential solutions to cybersecurity threats today’s vehicles face.

This analysis is a major update and follow-up to the vehicle vulnerabilities report originally published in 2016 and updated in 2018. The goal of this 2022 update is to deliver current data and discuss how the state of automotive cybersecurity has progressed over the course of 10 years, making note of overall trends and their causes.
