Threat briefs
Distributed Ledger (Blockchain) Security and Quantum Computing Implications
NCC Group was recently posed the following by one of our UK CISO Research Council members: ‘Blockchain (especially BitCoin) is highly dependent on elliptic curve crypto and hashes like SHA256 and RIPEMD-160, which are all vulnerable to quantum computing attacks using Shaw’s and Grover’s algorithms. The banks are all going…
USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems
In this threat brief we will discuss the existence of embedded USB keyboards that are becoming increasingly common, these keyboard like devices can be used to bypass the security enhancements in modern operating systems or configuration settings that stop the automatic execution of code from USB devices. However these devices…
ASP.NET Security and the Importance of KB2698981 in Cloud Environments
In September 2012 NCC Group noted a security issue relating to the use of ASP.NET forms authentication in a shared/cloud hosting environment, which could potentially allow an attacker to successfully authenticate to an application for which they do not have valid credentials. This threat brief will discuss this issue in…