Exploitation

Contributed by Librado Santibanez

A confounding computer bug called “Heartbleed” is causing major security worries across the internet. Heartbleed affects many things, including web servers, routers that connect office networks to the internet, mobile apps and VPNs (Virtual Private Network). It has been estimated that 60 percent of secure web sites that are using OpenSSL are affected. In addition, Heartbleed cannot be traced. In many cases, online access to web sites were shut down for several days until it could be patched and upgrade for Heartbleed. What is Heartbleed bug? How does it work? What does it affect? Who created the bug and when? What do we need to know? How can we fix it? Overall, these are the most frequently asked questions as a client and server.

This document is in PDF format. To view it click here.

Contributed by Hagai Bar-El

This document analyzes, from a technical point of view, currently known attacks against smart card implementations.

The purpose of this analysis is to give the necessary background for the assessment of the mechanisms that can enhance the security of smart cards. This document is mainly intended for people who are considering the use of cryptographic modules and who need to compare several options with respect to their security.

This document is in PDF format. To view it click here.

Created by Cameron Meyer

Mobile devices with networking capabilities are continuously increasing and users are utilizing these capabilities more. Just like traditional desktop and laptop computers, these mobile devices are vulnerable to attacks from hackers, viruses and other malware. As a result, mobile devices are being targeted by hackers, viruses and other malware entities at an alarming rate. The evolution of this malware has been rapid throughout its short lifespan thus far. This makes protection of mobile devices and preventing attacks and malicious programs imperative. The features of mobile devices allows them to function similarly to desktop and laptop computers and the information on them and transported by them must be protected with equal diligence.

This document is in PDF format. To view it click here.

Contributed by Charles Hornat. An old paper I wrote over a decade ago.

This paper will provide a detailed analysis of the Buffer Overrun in JPEG Processing which started appearing on Microsoft software in September 2004.

Just a week prior to writing this paper, Microsoft announced a buffer overrun in JPEG processing in many of Microsoft’s software. This particular vulnerability increased the difficulty of patching for large organizations since it not only impacted operating systems, it also included many popular software packages such as Microsoft Office and development software such as Visual Studio .Net.

Contributed by Karmendra Kohli and restored from the old Infosecwriters.com archive.

The browser’s back and refresh features can be used to steal passwords from insecurely written applications. This paper discusses the problem and the solution. We will show how a bad guy can access the user credentials of the previously logged in user by exploiting this feature, if the web application has not been developed securely.

This document is in PDF format. To view it click here.