Our Research

Playing with canaries

Analysis of compiler stack canaries and their implementation across various architectures.
Read More

EFF secure messaging scorecard review

We decided to audit libotr to gauge its general maturity. Within several hours we identified a number of insecure coding practice issues and a lack of documentation that were reported. While we didn't find any serious security vulnerabilities, our gut feeling is the code uses enough bad programming constructs to warrant further investigation before getting a tick of approval. This post shares some of our work from the audit, and also some recommendations for software security relevant to the EFF Secure IM Scorecard work.
Read More

Vuln research on the WAG54G home router

Journey of hunting for bugs in the WAG54G routers http daemon. The end goal of this research is to find a way to remotely flash C&C firmware (pre-auth), while learning a thing or two along the way... hey, we'd never actually touched MIPS assembly before this!
Read More

UX vs Security - Remember Me enabled by default is a bad design

An introduction to the UX design considerations for remember-me authentication.
Read More

A review of the EFF secure messaging scorecard...

First part in a series of reviews against IM clients promoted by the EFF secure messaging scorecard, drawing from real examples to demonstrate the dependency between privacy and security. Findings have been patched in the latest release of target application.
Read More


Featured In



Interested in talking?

Contact Us