Whitepaper: CA Alternative

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. CA Alternative Whitepapers 11 Feb 2015 - Braden Hollembaek Academic co-authors Adam Bates, Joe Pletcher, Tyler Nichols, Dave Tian and iSEC engineer Braden Hollembaek had a pair of interesting …

Whitepaper: Perfect Forward Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Perfect Forward Security Whitepaper 04 Sep 2014 - Pratik Guha Sarkar Encrypted communication channels were created so nobody could read confidential communications - this means not only during the …

Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques

by Timothy D. Morgan and Omar Al Ibrahim The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation …

White Paper: Cryptopocalypse Reference Paper

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Cryptopocalypse Reference Paper 20 Mar 2014 - Javed Samuel Alex Stamos, Tom Ritter and Javed Samuel presented “Preparing for the Cryptopocalypse” at Black Hat 2013, looking into the latest …

White Paper: Login Service Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Login Service Security 17 Dec 2013 - Rachel Engel Web application login services are deceptively simple to develop, leading application developers to repeat the mistakes of the past. Learning …

White Paper: Browser Extension Password Managers

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Browser Extension Password Managers 05 Nov 2013 - Paul Youn Advancements in password cracking and frequent theft of password databases endanger single-factor password authentication systems. Password managers are one …

White Paper: An Introduction to Authenticated Encryption

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. An Introduction to Authenticated Encryption 29 Apr 2013 - Shawn Fitzgerald Historically, independent encryption and message authentication codes (MAC) have been used to provide message confidentiality and integrity. This …

Advice for security decision makers contemplating the value of Antivirus

Over the last 12 months there has been an increasing amount of analysis on the effectiveness of desktop AntiVirus and its ability to detect and stop the reality of targeted attacks (I refuse to use the APT banner). This critique has been covered in pieces such as: The death of antivirus software (Infosec Island, January 2012) Is …

Lessons learned from 50 USB bugs

USB hosts are everywhere - laptops, TVs, tablets, car infotainment systems, even aeroplane seat-backs. All of these hosts need to understand the capabilities of devices that are connected to them - a process known as enumeration. It is basically a conversation between the device and the host upon insertion to agree on what functionality …