Latest News
Read all latest blog posts
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad!
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad! Story Background On March 29, 2024, a report exposing a backdoor in the upstream source code of the controversial open-source project, the xz software package, was made public on the oss-security mailing list.
Read Morexz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad!
xz/liblzma Backdoor: Open Source Nuke? Maybe Not That Bad! Story Background On March 29, 2024, a report exposing a backdoor in the upstream source code of the controversial open-source project, the xz software package, was made public on the oss-security mailing list.
Read MoreSupermicro x11ssh-F OpenBMC Porting (WIP)
Supermicro x11ssh-F OpenBMC Porting (WIP) Introduction to BMC and OpenBMC BMC, short for Baseboard Management Controller, is a specialized microcontroller embedded in certain computers, typically servers.
Read MoreKey management of OpenPGP Card
Key management of OpenPGP Card Background As blank smartcards supporting Java Card 3.
Read MoreProtect the Watcher: Hardened SIEM/XDR server with VED
Background Modern cybersecurity operation centers significantly depend on two key elements: agent-based security solutions operating on desktops, laptops, and server operating systems, and a threat analysis system, often referred to as a Security Information and Event Management (SIEM) system or eXtended Detection and Response (XDR).
Read MoreVault Range - The Measure and Resilience of Weaponized Exploit Methods for Linux
Disclaimer VED (Vault Exploit Defense) test image contains only the VED kernel module, and does not contain any security baselines, access control policies and situational hardening solution.
Read More+PROTECTING LINUX AT KERNEL LEVEL WHY AND HOW
Introduction We designed Vault Exploits Defense (VED) as a foundation security layer for various flavors of Linux operating system.
Read MoreMemory corruption in JCRE: An unpatchable HSM may swallow your private key
Background The key has always been a core target of security protection.
Read MoreAvoiding Single-Point-of-Failure and securing the Root Infrastructure: TCG TPM 2.0
What is TCG TPM 2.0? Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.
Read MoreDemystifiying SMPC (Secure multi-party computation) and its threat model
Prologue SMPC is an interesting topic, whose the applications include systematic security and cryptographic engineering, and this article will discuss its principles, threat models and use-case.
Read More