
{ Tag Archives } security

Security Policy Gone Wrong

Another story from the trenches:

Client: “You will have to work on site for this job. The data you’re gonna work with is of course highly sensitive and confidential. We cannot risk any of it to leave the company premises.”

Ok, so at this point, you usually prepare yourself to disillusion the client about how secure large [...]


“Who’s the JBoss now?” Whitepaper released

We finally released the Whitepaper for our JBoss Application Server talk (the one we held e.g. at the hack.lu 2008 and the 16th DFN-CERT).
The paper gives you a more detailed overview of the JBoss AS internals we used in the attacks, as well as a complete description of the individual exploitation techniques.
The only catch [...]


Talk at the IHK Aachen

On June 17th 2009, we will give the talk “Sicherheit und Industriespionage: Ein Realitätsabgleich” (in German) at the IHK Aachen. The event happens together with the Verfassungsschutz NRW (North Rhine-Westphalian office for the protection of the constitution) and the Landesinitiative secure-it.nrw.
The talk focuses on examples from penetration tests and real cases of industrial espionage. [...]


Never trust your Printer

The last time our printer broke down (which happened for the first time, so this is not about bashing our printer manufacturer) it showed these messages in the display:
Which reminded me why we always tell our clients to treat their printers like servers, security-wise. Additionally, never trust a machine with a LIBDecisionImpl.cxx. Who knows if [...]


CeBIT 2009

The German Linux Magazine kindly asked us to give a talk at the CeBIT this year, and we are of course happy to join in.
The talk (in German) will be held at the Open Source forum on March 06, the security day, at 2:30 – 3:15pm, with the title “Überraschende Angriffsvektoren: Weit verbreitet, oft übersehen” [...]


Flash and Parameter Passing

As I’ve stumbled across this phenomenon more than once at work recently, I’d like to write a little bit about Flash, how to pass parameters to it, and why this is important from a security perspective.
Flash applications (you know, those pesky little buggers ending in .swf that are always crashing your browser [...]
