Compass Security Blog

Offensive Defense

Page 2 of 3

Access control in Windows

According to [Access Control, 2013], “Access control refers to security features that control who [sic] can access resources in the operating system. Applications call access control functions to set who can access specific resources or control access to resources provided by the application.” The Windows access control model is founded on two base components: access […]

Continue reading

Embedded devices and cell phone flash memory acquisition using JTAG

Back in Black (back from Black Hat with a bag full of schwag and branded black shirts).  Black Hat and DEF CON again allowed insights into latest research and concerns. Where some topics loose grip ( vulnerability scanning, IPv4, DNS, general web issues) others gain momentum (DDoS, mobile computing, smart energy, industrial control and embedded […]

Continue reading

OpenSSH authentication with SuisseID

SuisseID is the first legally accepted, standardized, electronic identification hardware in Switzerland. Available since 2010 for any person living in Switzerland, it contains two X.509 certificates, one for authentication and one for qualified signatures. ‘Qualified’ in this regard means that is legally treated equally to a manual signature. This is especially interesting for signing contracts, […]

Continue reading

OpenSSH enables true Multi Factor Authentication

Over the past years system administrators had to learn that password authentication has its shortcomings. The protection level of password based authentication methods depends heavily on the password quality as well as the password handling of the users, where the latter is difficult to manage strictly. Public Key based authentication methods came to the rescue, […]

Continue reading

Compass Crew Member Speaking at Black Hat USA

Cyrill Brunschwiler’s talk was selected “among the very best research available today” to be presented side-by-side with the security industries top researchers on the world’s most renowned security conference – Black Hat USA in Las Vegas. He will be speaking on “Energy Fraud and Orchestrated Blackouts: Issues with Wireless Metering Protocols (wM-Bus)”. The work presented […]

Continue reading

Lean Risk Assessment based on OCTAVE Allegro

The article will provide a quick overview and introduction into the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro [1] methodology, its approach and terminology. OCTAVE Allegro is an asset centric and lean risk assessment successor of the OCTAVE method. The method supports a straight-forward qualitative risk assessment and structured threat analysis which mainly […]

Continue reading

XSS – The never ending story

Cross-Site Scripting (XSS) has lost one rank in the newly released OWASP Top Ten 2013 candidate. Compared to the 2010 version, it’s now on rank three, overtaken by “Broken Authentication and Session Management”. Has XSS become less common then? No, I don’t think so. Compass Security has always been strong in web application security testing […]

Continue reading

Advanced Metering Infrastructure Architecture and Components

The advanced metering infrastructure (AMI) is typically structured into a bunch of networks and composed of a few major components. Figure 1 provides an overview of all components and most networks. It is made up of the Meter, the Collector and of the server systems at the distribution system operator (DSO) or metering company side. […]

Continue reading

The Metering Infrastructure

I have provided introductions to the electrical and specifically the smart grid earlier on. Today I will briefly introduce the advanced metering infrastructure – its purpose, benefits and issues. Moreover, different approaches to metering and some ongoing security standards and specifications processes and organizations will be referenced. Purpose of Smart Meters The reason for smart […]

Continue reading

Compass Security eröffnet Niederlassung in Berlin

Die Compass Security AG unternimmt die nächsten Wachstumsschritte auf europäischer Ebene. Unter der Firmierung Compass Security Deutschland GmbH (www.csnc.de) hat das Team rund um Marco Di Filippo (bisher Regional Director Germany) am 01. Januar 2013 ihre Arbeit in Berlin aufgenommen. Die hohe Nachfrage aus dem Raum Deutschland veranlasste die Compass Security AG, ihre Aktivitäten sowie […]

Continue reading

« Older posts Newer posts »