HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: July 2014

HP Security Briefing, episode 15 - Bitcoin and security

In the July 2014 Security Briefing we look at Bitcoin, the largest of the emerging class of value-exchange mechanisms called cryptocurrencies.

There’s No Place Like Localhost: A Welcoming Front Door To Medium Integrity

This year, Abdul Aziz Hariri, Jasiel Spelman, and myself (Matt Molinyawe) of the Zero Day Initiative were involved in producing an exploit for this year’s Pwn4Fun. It demonstrated our work and that people from major companies could produce a full exploit in the name of charity, good will, and trying to make positive change in software without asking for anything in return. The Zero Day Initiative had also disclosed 6 additional Microsoft Internet Explorer vulnerabilities found by Abdul Aziz Hariri over the two weeks prior to this event.

Efficacy of MemoryProtection against use-after-free vulnerabilities

As of the July 2014 patch of Internet Explorer, Microsoft has taken a major step in the evolution of exploit mitigations built into its browser. The new mitigation technology is called MemoryProtection (or MemProtect, for short) and has been shown to be quite effective against a range of use-after-free (UAF) vulnerabilities. Not all UAFs are equally affected, however. Here we’ll discuss what MemoryProtection is and how it operates, and evaluate its effectiveness against various types of UAFs.

Labels: IE| MemoryProtection| UAF| ZDI

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 25, 2014

Welcome to the July 25th edition of the HP Security Research OSINT articles of interest. This is a list of publicly available articles that we find relevant in today's security news.

Labels: HPSR

HP Security Research ‘Talkapalooza’ dates released!

HP Security Research (HPSR) giants will hit the road for a four-month global tour that touches down on four continents. View the roster of conferences at which team members will be speaking and plan to join us!

Labels: conferences| HPSR

Dyre times for online banking customers

HP DVLabs security researcher Mat Powell provides details on one of the newer banking trojans on the scene. Customers in the US and UK should be aware of "Dyreza" or "Dyre" and its browser-hooking ways.

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 18, 2014

It's the July 18th edition of the HP Security Research OSINT articles of interest. This is a list of publicly available articles that we find relevant in today's security news.

Labels: HPSR

Bitcoin and security (part 3 of 3)

In the final post of our Bitcoin series, we look at the possibilities for cybercrime involving the cryptocurrency – as a target, as an exchange mechanism, and as a contributing element.

Four years and counting: ZDI leads Frost & Sullivan disclosure field

HP Security Research has just learned that our Zero Day Initiative (ZDI) team has received the Global Frost & Sullivan Company of the Year Award for 2013 – the fourth year in a row we’ve been honored as the pre-eminent public vulnerability research program.  The award is an honor; reading Frost & Sullivan's report on the current state of vulnerability research is a treat.

Hacking POS Terminal for Fun and Non-profit

Point-of-Sale (POS) devices are an essential part of modern life; the blood line for merchants. As plastic payment cards have become the default payment method, the security of POS devices has become more crucial. I was interested in learning how real-world POS machines maintain security but “close examination” without the owner’s consent is a crime. I have no friends in business using POS devices, so I decided to order a used device for investigation. The Aloha POS system is known to be very popular in the hospitality sector. 

HP Security Research OSINT (OpenSource Intelligence) articles of interest--July 7th, 2014

It's the July 7th edition of the HP Security Research OSINT articles of interest. This is a list of publicly available articles that we find relevant in today's security news.

Labels: HPSR

Bitcoin and Security: part 2 of 3

Delving more deeply into the mechanisms of Bitcoin, I examine how Bitcoin tackles two potential problems – counterfeiting and the fair distribution of currency – through interesting architectural choices, and show how two potential “wrongs” not only make a right, but provide fundamental strength to the system.

Why does Windows rearrange the arguments when executing external process?

Most people, including myself, would expect java.lang.Runtime.exec(String[]) to pass the arguments array to the command without any modification.

The opinions expressed above are the personal opinions of the authors, not of HP.