Cracking into embedded devices and beyond!

As promised in my previous post, I have  just uploaded Cracking into embedded devices and beyond, Adrian Pastor’s presentation at ‘Hack in The Box’ Dubai 2008.

Thanks Adrian for your promptly response when asked for the slides and congratulations for your excellent contribution to the security community. Hope we can share a pint next time I’m in London. Un abrazo!

[Read more...]

Cerrudo’s talk prompts Microsoft to admit serious flaw on Windows

Hack in the Box???It’s Sunday evening and I have spent the last hour going through the slides of Cesar Cerrudo’s talk at HiTBSecConf 2008 that took place this week in Dubai. I know it’s sad, but the title of this blog is “passionate about information security”, isn’t it?

Let me give you a bit of background before going further. It’s been almost a month since Cesar Cerrudo, security researcher and CEO of Argeniss publicly warned that the latest Microsoft operating system, Windows Server 2008, might not be as secure as it seems. On an advisory released on March 24, he stated:

“The problem discovered by Argeniss results from design issues that were not identified by Microsoft engineers during the Security Development Lifecycle (SDL), and allows accounts commonly used by Windows services (NETWORK SERVICE and LOCAL SERVICE) to bypass new Windows services protection mechanisms and elevate privileges to achieve complete control over the operating system.”

[Read more...]