Hardware Reverse Engineering: Overview and Open Challenges

Reverse Engineering

by Fyrbiak, Straub, Kison, Walla, Elson, Rummel, and Paar
The contribution of our work is threefold: first, we systematically study the current research branches related to hardware reverse engineering ranging from decapsulation to gate-level netlist analysis. Based on our overview, we formulate several open research questions to scientifically quantify reverse engineering, including technical and human factors. Second, we survey research on problem solving and on the acquisition of expertise and discuss its potential to quantify human factors in reverse engineering. Third, we propose novel directions for future interdisciplinary research encompassing both technical and psychological perspectives that hold the promise to holistically capture the complexity of hardware reverse engineering.


Ensuring the Success of Your Internet and Cloud Adoption with PacketShaper

by Mike Chen

In today’s business world, cloud computing and the Internet are synonymous with efficiency, flexibility, and mobility. It is unimaginable to operate a business today without heavy dependencies on Internet or cloud services. The question is: how do you balance the network performance of critical cloud applications, such as Office 365 or Salesforce, against other bandwidth-hungry applications like YouTube or Facebook? Utilizing the right technology with application-level visibility and granular control is the key. Symantec PacketShaper offers 360-degree visibility into network traffic, and it provides powerful Quality of Service (QoS) controls to manage and prioritize application traffic.

Two attacks against VoIP

by Peter Thermos

The purpose of this article is to discuss two of the most well-known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user’s VoIP subscription and subsequent communications. The second attack looks at the ability to eavesdrop on VoIP communications. Although VoIP is implemented using various signaling protocols, this article focuses on attacks associated with SIP (Session Initiation Protocol), an IETF standard (RFC 3261). The two attacks, among others such as DoS, have been discussed in various research papers, but they haven’t been acknowledged publicly as active attacks.

Acrylic WiFi Home

Acrylic Wi-Fi Home is a free WiFi scanner that displays WiFi access points, shows information about their security mechanisms, and obtains generic WiFi passwords through a plugin system. Our WiFi scanner is able to gather information from 802.11 a/b/g/n/ac networks.

Access points: WiFi networks information (SSID/BSSID) and connected users.
Signal level: Signal quality charts for WiFi channels and detected devices.
Inventory: Naming known Wi-Fi devices.
Passwords: WiFi passwords and default WPS Keys (password testing).
Channels: WiFi channel scanner and WiFi networks through channels in 2.4 GHz and 5 GHz.
Security: Network authentication and security details for WEP, WPA, WPA2 and Enterprise (802.1X) WiFi networks.
Hardware: No special hardware is required for its operation.

A Lightbulb Worm?

By Colin O’Flynn

This whitepaper is designed to show some details of the Philips Hue system. It is not designed to demonstrate any specific attack, but is instead a chance to “poke around” to see what security features are present. It is designed to serve as a reference for those designing similar systems, to give an idea of what attack surfaces might be exploited.

W32.Qakbot in Detail


By Nicolas Falliere

There are several information-stealing Trojans found in cyberspace today. What makes Qakbot stand apart from most of the others is its sophistication and continuous evolution. The purpose of this white paper is to provide an insight into the worm’s capabilities.

How to keep your online information secure while using public Wi-Fi

By Chris San Filippo

Public Wi-Fi networks, connecting us from our computers, tablets, phones, and technologies, are being offered by more companies every day. Working from coffee shops, checking social media from restaurants or malls, or connecting to Wi-Fi from a hotel or another public-facing business is commonplace these days. But with the amount of personal data stored on our online accounts, how can you safeguard your information from any prying eyes?

What Healthcare Security in 2016 Can Tell Us About How to Train Better for 2017

By Tahshina Mohsin
Security awareness training in healthcare holds significance from many perspectives. Not only is it important to comply with healthcare regulations, it also plays a role in driving a team approach to healthcare security to include workplace ethics, risky behavior and potential beneficial outcomes that result from being security-aware.

Building a Security Policy Framework for a Large, Multi-national Company

By Leslie VanCura

Information Security is not just technology. It is a process, a policy, and a culture. Our organization had spent millions of dollars on technology to keep the “bad guys” out, but we had spent little time building the foundations of our Information Security Program. We did not have relevant, current policies or a culture of security awareness among our managers or end users. The technology was not able to prevent end users from disabling it or doing unintentional damage by opening strange email attachments or telling someone their password. This paper will discuss how we created a Security Awareness Program to address this problem. The program covers policy development, an awareness campaign, and compliance monitoring.