Home Archive for Security
Blog Archives

Vulnerabilities in Evoko products

Posted on 2017-04-27 by Emil Kvarnhammar Leave a comment

Update (20190213): Since the beginning of last year, TrueSec has worked closely together with the development team to improve security in both Evoko Liso and Evoko Home. All the vulnerabilities described in this post, with the exception of booting from

Read more ›

Posted in Hacking, Security

Denial of service – Evil is an art form

Posted on 2016-11-09 by Truesec Syd Leave a comment

Introduction This article was originally planned to be a part of a larger project where a presentation at the developer conference Öredev was the second part. However, the presentation at Öredev got cancelled (I have stage fright so I don’t

Read more ›

Tagged with: , , , , , , ,
Posted in Hacking, Security

Local file inclusion with tmp files

Posted on 2016-11-09 by Truesec Syd Leave a comment

A thing I noticed while writing the Hera tool and doing all the tests, is that some server setups did not have very good randomness in their temporary files. This opens up for some interesting opportunities if you happen to

Read more ›

Tagged with: , , , ,
Posted in Hacking, Security

DROWN – How the deprecated SSLv2 protocol can compromise modern TLS connections

Posted on 2016-04-04 by Johan Kinnander Leave a comment

Last month a serious SSL/TLS vulnerability named “DROWN” – “Decrypting RSA with Obsolete and Weakened eNcryption” – broke the surface. In this article I will explore the mechanics of the attack and why it works. I wanted to have a

Read more ›

Posted in Security

Problematic denial of service attacks

Posted on 2016-03-22 by Truesec Syd Leave a comment

If you are a regular reader of any relatively large Swedish newspaper, the recent attack on Swedish media this weekend probably have not escaped your notice. At approximately 20:00 Saturday evening on the 19th of March, a number of denial

Read more ›

Tagged with: ,
Posted in Security
Categories