This website uses cookies to ensure you get the best experience. More Information...


Lawful Interception

The need for protection of information, one of the most valuable assets in the modern society, has increased dramatically in the last decade. ‘However, hand by hand with any technological and economic advancement new fraud and crime-committing methods appear, targeting at our valuable information assets. Cryptography is one of the key technologies for ensuring confidentiality, […]

Information Security User Guide

This Information Security Guide is meant for all users in the organization. The Guide summarizes the most central basic issues of information security and gives practical advice for the implementation of information security in one’s own work. If you need more information you should first check the organization’s IS Policy manual. Link to guideline

Risk Analysis – A valuable tool for organizations / comparative analysis

Over the past few years, there has been a rapid development of Global IT infrastructures, which has fundamentally shifted the way information is managed today. In this dynamic environment, new dependencies and new risks are born. Information is a valuable business asset and organizations must make sure that information remains available and trustworthy yet protected […]

Obrela Security Industries Advisory (OSI-1402)

Advisory ID  OSI-1402 Description Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified: A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service. An arbitrary write of zero in to any location at […]

Multiple vulnerabilities identified on Aircrack-ng

About a month ago I identified four vulnerabilities in Aircrack-ng suite. A brief but technical description may be found below. Furthermore, references on the proof-of-concept exploit code and the OSI advisory maybe be found at the end of this article. CVE-2014-8322 One of them could lead to remote code execution. Specifically in aireplay’s tcp_test function […]

Obrela Security Industries Advisory (OSI-1401)

Advisory ID OSI-1401 Description Four vulnerabilities exist on aircrack-ng <= 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: A stack overflow at airodump-ng gps_tracker() which may lead to code execution, privilege escalation. A length parameter inconsistency at aireplay tcp_test() which may lead to […]

Critical vulnerability on Drupal 7

Today a vulnerability was disclosed under CVE-2014-3704 / SA-CORE-2014-005 on the Drupal <7.32 that allows an unauthenticated attacker to execute arbitrary SQL. The Proof of Concept was disclosed and involved the SQL update of the user with UID=1 (admin). Where is this based? It exists (ed) in the Drupal core. Drupal 7 includes a database […]

POODLE attack or the end of SSLv3

Google has recently disclosed a (new?) SSLv3 vulnerability that allows an attacker controlling the SSL-encrypted network stream between client and server to extract the plaintext of specific parts of the communication, most “preferable” cookies. Does it have to do with BEAST again? Due to the well-known insecurities of SSL researchers have speculated the existence of […]

Critical GNU Bash Vulnerability

On Wedneday, 24 September 2014, a new and very powerful vulnerability affecting Linux and Unix-based systems was published (CVE-2014-6271). The vulnerability allows attackers to execute system commands on vulnerable systems and potentially compromise the integrity, availability and confidentially of information.  At the time of this writing, the vulnerability is used for malicious intentions including infecting […]