CVE-2011-0228 iOS certificate chain validation issue in handling of X.509 certificates

Recurity Labs recently conducted a project for the German Federal Office for Information Security (BSI), which (amongst others) also concerned the iOS platform. During the analysis, a severe vulnerability...

dRuby for Penetration Testers

I like Ruby somehow, a nice and shiny programming language. At some point last year, I decided to have a closer look at 'Distributed Ruby' (also called dRuby). dRuby is...

At least, I got DoS

On January 11th, a new version of Wireshark has been released. The release contained several security-relevant fixes. Inspired by this fact, on a rainy evening I decided to have...

Jail-breaking the Cisco Unified Communication Manager (CUCM)

We have a long and very good relation to the Cisco PSIRT team, reporting vulnerabilities to them and patiently waiting until fixes are provided. But some things, we simply...

Carnival of the Cultures 2010

A great team needs a good environment to work in, and the environment doesn't stop at the office door. The cultural space in which you live also plays an...