Articles with tag: Research
POSTED BY: sophron / 11.05.2017

Lure10: Exploiting Windows Automatic Association Algorithm

Lure10 is a novel technique presented at the Hack-in-the-Box 2017 conference in Amsterdam that enables an attacker to automatically achieve a man-in-the-middle position against wireless devices running the Windows operating system. The attack requires no user interaction and exploits the "Wi-Fi Sense" feature found in recent versions of the Microsoft Windows platform.


POSTED BY: census / 26.04.2017

Hack In The Box 2017 Amsterdam

CENSUS researcher George Chatzisofroniou presented a novel WiFi attack technique named 'Lure10' at the CommSec track of the Hack In the Box 2017 conference in Amsterdam. The technique allows the automatic association of a Windows device to an attacker-controlled WiFi access point. The attacker may then mount a series of Man-in-the-Middle attacks to the victim device.


POSTED BY: census / 18.04.2017

INFILTRATE 2017

CENSUS researchers Vasilis Tsaousoglou and Patroklos Argyroudis delivered the "The Shadow over Android: Heap Exploitation Assistance for Android's libc Allocator" technical talk at the 2017 INFILTRATE (Miami, Florida) conference. The abstract of the talk follows:


POSTED BY: dimitris / 25.02.2012

libpurple OTR information leakage

census ID:census-2012-0001
CVE ID:CVE-2012-1257
Affected Products:libpurple (all versions), libpurple clients with DBUS support (incl. all versions of pidgin), pidgin-otr (all versions)
Class:Information Exposure (CWE-200), Privacy Violation (CWE-359), Information Exposure Through Sent Data (CWE-201)
Remote:No
Discovered by:Dimitris Glynos

libpurple-based applications broadcast the plaintext of OTR (off-the-record) conversations over DBUS. This makes the plaintext available to other (possibly unrelated) applications executing under the same user. Also, due to a design flaw in libpurple, the user’s choice of not logging OTR plaintext on Pidgin is not communicated over to the third party applications listening on DBUS. This may lead to unintentional (on disk) logging of private messages.