“Jailbreak Detection” is a set of checks, mostly performed by Mobile Device Management solutions like MobileIron / Good Technologies or other third party Apps to determine if a device is jailbroken or not. It checks if all security controls of Apple’s iOS are still in place and if we can / should / want “trust” […]
During our most recent HackLab Day – a quarterly event where Compass analysts research new security topics or solutions – I have investigated Microsoft’s next version of its mobile operating system “Windows Phone 8” (WP8). This update to the previously released Windows Phone 7 version integrates a complete new Kernel (shared with Windows 8 ) […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation Define […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation The last […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation Another pitfall […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation In this […]
The following article describes common security issues regarding misconfigured sudoers’ files. The article focuses on a single entry which contains several security issues: hacker10 ALL= (root) /bin/less /var/log/* The article is split into the following five chapters: PART 1: Command Execution PART 2: Insecure Functionality PART 3: Permissions PART 4: Wildcards PART 5: Recapitulation In this […]
Most XML parsers are vulnerable for XML external entitiy attacks (XXE) by default. So what’s your mitigation? The easiest way to prevent XXE is to disallow the Doctype declaration completely: import java.io.File; import org.jdom.Document; import org.jdom.JDOMException; import org.jdom.input.SAXBuilder; public class XEE_Disallow_Doctype_Decl { public static void main(String[] args) { String element= null; SAXBuilder objBuilder = null; […]
The community hosts a neat little project called AntiSamy[1] which lends its name from the well known MySpace worm[2] and which comes in handy when trying to mitigate Cross-site Scripting[3] attacks. Whereby XSS is sometimes hard to mitigate when business is asking for HTML formatting in user supplied inputs. At that point, AntiSamy might become […]
As penetration testers, our main goal is to identify as many vulnerabilities as possible. This allows our customers to more objectifly assess their security level and to shut as many doors as possible which an intruder could use to break in. This process needs to be based in respect of cost-benefit, depending on risk probabily […]
© 2025 Compass Security Blog