Accidental Offensive Security: Analysis of Buffer Overrun in a Security Tool Note: I originally posted this blog entry on the Aspect Security blog around 2017-03-16. I am mirroring it here with only formatting changes. Introduction During a project working with Hydra, a Network Login Auditor, we discovered and corrected a buffer overrun issue with possible security implications that might include the auditor being attacked by the… Read More
PolarSSL Security Snowstorm – Tools Could Not Save Us Note: I originally posted this blog entry on the Aspect Security blog around 2015-02-13. I am mirroring it here with only formatting changes. Introduction The spat of SSL and TLS issues over the last year have caused concern about the quality of the encrypted tunnel in Internet communications. The various creatively named BEAST, CRIME, &… Read More
Challenge/Response Fail Here in an example of a recent challenge/response form found on a system not to be named. Answer to What was your first pets name? is too short. Answers must be between 5 and 255, Sigh. Chip, Ted, Lola, Opus, Kiki, C (the letter, not the language).… Read More
Accidental Offensive Security: Analysis of Buffer Overrun in a Security Tool During a project working with Hydra, a Network Login Auditor, we discovered and corrected a buffer overrun issue with possible security implications that might include the auditor being attacked by the auditee. TL;DR Attacker using Hydra or Medusa can get pwn’d by the victim website responding with remote code execution via buffer overrun exploit.… Read More