Spectre and Meltdown: What you need to know

If this first week is any indication, 2018 could mark a significant paradigm shift in trusted computing and open source hardware. Chip makers have been very effective in making enhancements to greatly improve application performance, but the revelation of Spectre and Meltdown makes it clear that more attention needs to be paid to hardware level … Read More The post Spectre and Meltdown: What you need to know appeared first on The State of Security.
Read more

Exploiting ROBOT like Mr. Robot

It was late Friday afternoon when the email arrived saying he’d won a free cruise. Philip quickly opened the email and clicked the link for more information, but there was nothing there. What he didn’t know is that this cruise offer actually came from a hacker and not Cruise Giveaways of America. This was no … Read More The post Exploiting ROBOT like Mr. Robot appeared first on The State of Security.
Read more

VERT Threat Alert: Return of Bleichenbacher’s Oracle Threat (ROBOT)

Vulnerability Description A team of researchers, including Tripwire VERT’s Craig Young has announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw. The problem is that these implementations allow an attacker to identify whether or not a chosen ciphertext has proper PKCS#1 v1.5 padding when decrypted. This … Read More The post VERT Threat Alert: Return of Bleichenbacher’s Oracle Threat (ROBOT) appeared first on The State of Security.
Read more

5 Steps to a More Secure IoT Baseline

Enterprise access point maker Ruckus once again patched up command injection vectors that could completely compromise both the ZoneDirector controller, as well as the Unleashed AP. One of the vulnerabilities is in fact strikingly similar to an issue in another Ruckus Web-GUI I disclosed last year. While vulnerability is essentially an inevitable fact of life … Read More The post 5 Steps to a More Secure IoT Baseline appeared first on The State of Security.
Read more