Practical Attacks with DNS Rebinding

One of the tools I expect to see gain in popularity in the wild is DNS rebinding. DNS rebinding is a technique that turns a victim’s browser into a proxy for attacking private networks. Attackers can change the IP associated with a domain name after it has been used to ... Read More

Spectre and Meltdown: What you need to know

If this first week is any indication, 2018 could mark a significant paradigm shift in trusted computing and open source hardware. Chip makers have been very effective in making enhancements to greatly improve application performance, but the revelation of Spectre and Meltdown makes it clear that more attention needs to ... Read More

Exploiting ROBOT like Mr. Robot

It was late Friday afternoon when the email arrived saying he’d won a free cruise. Philip quickly opened the email and clicked the link for more information, but there was nothing there. What he didn’t know is that this cruise offer actually came from a hacker and not Cruise Giveaways ... Read More

VERT Threat Alert: Return of Bleichenbacher’s Oracle Threat (ROBOT)

/ / robot, TLS, VERT, vulnerability
Vulnerability Description A team of researchers, including Tripwire VERT’s Craig Young has announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw. The problem is that these implementations allow an attacker to identify whether or not a chosen ciphertext has proper PKCS#1 ... Read More

5 Steps to a More Secure IoT Baseline

Enterprise access point maker Ruckus once again patched up command injection vectors that could completely compromise both the ZoneDirector controller, as well as the Unleashed AP. One of the vulnerabilities is in fact strikingly similar to an issue in another Ruckus Web-GUI I disclosed last year. While vulnerability is essentially ... Read More