C Language Standards Update – Zero-size Reallocations are Undefined Behavior

[Editor's Note: Robert Seacord of NCC Group is a longstanding member of the C Standards Committee. In this blog post, he outlines a recently adopted change he proposed to the C Language Standard, to help eliminate double-free vulnerabilities being introduced to C code as a result of zero-sized reallocations of memory.] by Robert Seacord The … Continue reading C Language Standards Update – Zero-size Reallocations are Undefined Behavior

Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

By Aleksandar Kircanski and Terence Tarvis A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin’s … Continue reading Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

Conference Talks – March 2020

This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, "Bug Bounty: Why is this happening?" presented at Nullcon Goa (Goa, India - March 3-7 2020) Rob Wood, "[Panel]: CSIS Security Panel Discussion," presented at OCP Global Summit (San Jose, CA - March 4-5 2020) Rory McCune, "[Training]: … Continue reading Conference Talks – March 2020

Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

In December 2019, MobileCoin engaged NCC Group to conduct a review of the AES/GCM and ChaCha20+Poly1305 implementations provided by the RustCrypto/AEADs crates. The intended usage context of these crates includes SGX enclaves, making timing-related side channel attacks relevant to this assessment. Two consultants provided five person-days of effort. The Public Report for this audit may … Continue reading Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

By Sultan Qasim Khan Microcontrollers commonly include features to prevent the readout of sensitive information in internal storage. Such features are commonly referred to as readback protection or readout protection. This paper describes common readback protection implementation flaws, discusses techniques that can be used to defeat readback protection, and provides guidance to implement effective readback … Continue reading Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)

Vendor: playSMS Vendor URL: https://playsms.org/ Versions affected: Before 1.4.3 Systems Affected: All Author: Lucas Rosevear Advisory URL / CVE Identifier: CVE-2020-8644 Risk: Critical Summary: PlaySMS is an open source SMS gateway, which has a web management portal written in PHP. PlaySMS supports a custom PHP templating system, called tpl (https://github.com/antonraharja/tpl). PlaySMS double processes a server-side … Continue reading Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)

Conference Talks – February 2020

This month, members of NCC Group will be giving the following 6 conference presentations: Mark Manning, "Command and KubeCTL: Real-World Kubernetes Security for Pentesters" presented at Shmoocon (Washington, DC - January 31-February 2 2020)Clint Gibler, "How to 10X Your Company’s Security (Without a Series D)," presented at BSidesSF (San Francisco, CA - February 22-24 2020) Clint Gibler, … Continue reading Conference Talks – February 2020

Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit

In October 2019, the Electric Coin Company engaged NCC Group to conduct a review of two Zcash improvement proposals (ZIP 213 and ZIP 221) and of the implementation of ZIP 208 within the Zcash node implementation. ZIP 213 proposes a change to consensus rules to allow coinbase transactions to target shielded addresses.  ZIP 221 describes … Continue reading Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit

Conference Talks – January 2020

This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, "DevSecOps State of the Union v2.0," presented at AppSec Cali (Santa Monica, CA - January 22-24 … Continue reading Conference Talks – January 2020