Our Blog

Obtaining shells via Logitech Unifying Dongles

Reading time: ~11 min
In this post, I will recap some of the security research conducted on wireless keyboards and mice, and eventually show...

USaBUSe Linux updates

Reading time: ~6 min
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

Revisiting XXE and abusing protocols

Reading time: ~9 min
Recently a security researcher reported a bug in Facebook that could potentially allow Remote Code Execution (RCE). His writeup of...

Dangers of Custom ASP.NET HttpHandlers

Reading time: ~2 min
ASP.NET HttpHandlers are interesting components of a .NET web application when performing security assessments, mainly due to the fact they...

House of Cards

Reading time: ~4 min
In light of recent mass hacks (HBGary, Sony, Nintendo, etc.) one would have thought that collectively, companies would take notice...

Analysis of a UDP worm

Reading time: ~4 min
Introduction From time to time I like to delve into malware analysis as a pastime and post interesting examples, and...

‘Scraping’ our time servers

Reading time: ~5 min
The intertubes have been humming lately around a certain NTP feature to gather lists of NTP servers’ clients and it...

Virtualization as an answer to backward compatibility?

Reading time: Less than a minute
Part of the problem Microsoft bumped into with Vista, was hordes of people who had grown too attached to XP.....

Vanilla SQL Injection is oh-so-90’s…wait…is it? (Jackin the K)

Reading time: ~1 min
aka.. Someone put the hurtski on Kaspersky.. The Twitters (via XSSniper and others) and the Interwebs were ablaze with news on...

Turn of the century deja vu?

Reading time: ~3 min
The recent widespread carnage caused by the Conficker worm is astounding, but is also comforting, in a strange way. It...

“Hooker” approach to break-in!

Reading time: Less than a minute
Interesting post on cost/benefit analysis of hacker and hooker attacks…. behrang

Sarah Palin, a yahoo email account, and something more shocking…

Reading time: Less than a minute
By now everyone knows that John McCain’s running mate Sarah Palin had her yahoo email account hacked. I guess a...

Enter Google Chrome…

Reading time: ~1 min
Google have thrown their hat in the browser-ring, which many have predicted. [Chrome] should be coming soon to downloads near...

rethinking ye old truths

Reading time: ~1 min
since forever, i’ve been told (and told others) that the greatest threat is from the inside. turns out, not so...

Mind Control, Big Cats, Feynman && kiosks…

Reading time: ~4 min
Aka… A good weekend.. The weekend got off to a slow start, when Amazon claimed it would take a little...

Alas.. i could have made squillions (aka – Amazon MTURK)

Reading time: ~1 min
In early 2002 I suggested that we could solve some computer problems and South Africa's street-kid problem by setting up...

On vulnerability, root cause, white-listing and compliance

Reading time: ~4 min
Many years ago, when we first released ‘Setiri’ one of the controls that we preached was website white-listing. As talk-back...

More Pentagon data leakage through Office files..

Reading time: Less than a minute
R J Hillhouse (who has a fascinating background) found that when she double clicked a graph on a slide deck...

Hotel Hacking

Reading time: Less than a minute
Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to...

Second Life land grab case moves into U.S. federal courts..

Reading time: ~1 min
Ars Technica is reporting on the lawsuit filed in 2006 by Martin Bragg who accused Linden Labs of wrongfully...