Publications
MWR InfoSecurity work with the CPNI (Centre for the Protection of National Infrastructure) to publish security advisories (formerly known as UNIRAS Alerts) which we discover via client assignments or research projects. These advisories disclose and discuss vulnerabilities in systems which are in widespread use and CPNI then liaise with the vendors to secure the application in question. The disclosure of these vulnerabilities gives CPNI the ability to provide timely information concerning potential IT security problems that could affect the Critical National Infrastructure community.
The work of CPNI is underpinned by the principle of responsible disclosure. Information is released to stakeholders at the appropriate time, with the aim of minimising any possible disruption from the threat.
Further information on the work of the CPNI can be found at www.cpni.gov.uk
Recent advisories produced by MWR InfoSecurity are listed below in date order. On this page you can also find recent presentations and White Papers from MWR InfoSecurity consultants.
Full TextPresentation: ShmooCon 2010 - How To Be An RSol: Effective Bug Hunting in Solaris
Mar 05, 2010
Matt Hillman presented at ShmooCon 2010 in Washington DC about his research in Solaris bug hunting. The presentation included demos of his software which provides a Ruby based debugging interface to Solaris, allowing implementation of tools to perform fault monitoring for fuzzers, code coverage, run tracing, code profiling and fault injection.
Weapons of Mass Pwnage: Attacking Deployment Solutions - DeepSec 2009
Dec 03, 2009
Luke Jennings presented at DeepSec '09 in Vienna, Austria regarding the security of deployment solutions and some of the recent vulnerabilities he discovered in Symantec's Altiris Deployment Solution. The slides for this presentation are available from the download link above.
USB Attacks: Fun with Plug and 0wn - T2'09
Oct 29, 2009
On Thursday 29th October 2009 Rafa gave an updated version of his "USB Attacks: Fun with Plug and 0wn" presentation at T2'09 in Helsinki, Finland. The slides from the presentation can be downloaded from the link above.
Additionally, the advisory detailing the vulnerability which was the focus of the presentation has now been released and can be downloaded here.
Fun with Plug & 0wn
Aug 04, 2009
On Sunday 2nd August 2009 Rafa presented his USB research at Defcon 17 in Las Vegas. The presentation can be downloaded using the link provided here.
HashCookies - A Simple Recipe
May 07, 2009
Since HTTP is stateless it utilises sessions in order to track a user’s state when using web based applications. Several vectors which exist which could permit an attacker to gain access to a user’s session and so could result in compromise of the users account or other sensitive information. The use of a changing and expiring session ID can enable a user’s session to be protected from a number of attacks. By transmitting a random salt to a web browser the web browser is able to use this salt in order to generate a new cookie by hashing information which only the web browser and web server know; this cookie is a HashCookie. Provided the salt is protected during the initial exchange, or an attacker is not in a position to intercept this communication, then in all instances even if an attacker is able to obtain a valid session ID for a user of a web based application the use of HashCookies would provide them no leverage over the user’s session. Implementation requires HashCookie support from both the web browser and web server.