Note: I originally posted this blog entry on the Aspect Security blog around 2015-02-13. I am mirroring it here with only formatting changes. Introduction The spat of SSL and TLS issues over the last year have caused concern about the quality of the encrypted tunnel in Internet communications. The various creatively named BEAST, CRIME, &… Read More

Here in an example of a recent challenge/response form found on a system not to be named. Answer to What was your first pets name? is too short. Answers must be between 5 and 255, Sigh. Chip, Ted, Lola, Opus, Kiki, C (the letter, not the language).… Read More

During a project working with Hydra, a Network Login Auditor, we discovered and corrected a buffer overrun issue with possible security implications that might include the auditor being attacked by the auditee. TL;DR Attacker using Hydra or Medusa can get pwn’d by the victim website responding with remote code execution via buffer overrun exploit.… Read More