Young hacker smiling


Release the beast

Release the BEAST!

Understanding the BEAST
Quill icon Daniel Yepes   Folder icon attacks   Tag icon tls,  cbc,  vulnerability

The Browser Exploit Attack on SSL/TLS (B.E.A.S.T), - bet you thougth it was a rampage hack that launched nukes - it is a practical attack demonstrated by Thai Duong and Julian Rizzo at ekoparty in 2011. That was the lamest introduction ever, it’s not because the …

heartbleed official logo

My heart bleeds (but not for you)

Understanding the flaw behind Heartbleed
Quill icon Daniel Yepes   Folder icon attacks   Tag icon vulnerability,  bug,  openssl

Back in April 2014, one of the biggest vulnerabilities in recent history was found, HeartBleed. The popular open source cryptographic software library OpenSSL, had a critical flaw, [1] in the implementation of a extension on the Transport Layer Security (TLS) protocol. The wide use of OpenSSL on several services such …

Orion carrying Cedalion

Stand on the shoulders of giants

About software composition analysis
Quill icon Rafael Ballestas   Folder icon attacks   Tag icon testing,  dependency,  vulnerability

In our last post, we reproduced the discovery of a vulnerability in libpng. But that is only a small library, you might say, with a very limited scope and only 556 KiB installed. However, many, many packages depend on it. To see how many packages in the Arch Linux repository …

Person playing chess against a robotic arm

Will machines replace us?

Automatic detection vs manual detection
Quill icon Andres Cuberos   Folder icon philosophy   Tag icon application,  detect,  vulnerability,  scanner

More than 20 years have passed since Garry Kasparov, the chess world champion, was defeated by Deep Blue, the supercomputer designed by IBM. For many people, that event was proof that machines had managed to exceed human intelligence [1]. This believe raised many doubts and concerns regarding technological advance, that …

Service status - Terms of Use