By Mark Hofman, Terry Darling, and Simon Treadaway 1- MS15-034 – HTTP.sys Advisory (CVE CVE-2015-1635) Microsoft earlier this week released a patch for both servers and workstations, MS15-034. This patch addresses an issue in the file http.sys. The http.sys file is used by the operating system to accept and process HTTP and HTTPS requests. At […]
Shearwater is a specialist information security services provider. We address four of the key information security challenges confronting organisations today, the challenges of securing applications; managing security operations; maintaining compliance, and improving awareness and security education across the board. We provide a combination of integrated services and capabilities delivered through our highly experienced information security and risk professionals.
Entries by Shearwater
By Terry Dolbey and Matt Stiles 1- Background on GHOST Vulnerability CVE-2015-0235 GNU C Library (glibc) is the implementation of the C library used by the GNU project. This library provides the core functionality to Unix and Linux (Nix) based Operating Systems and access to common functions used by applications installed on the Operating Systems. […]
Background on CVE-2014-0160 (Heartbleed) Secure Sockets Layer (SSL), and Transport Layer Security (TLS) are cryptographic protocols that are used to provide secure communications between a client and a server, and is most often used to encrypt HTTP traffic. SSL and TLS can also be used to secure other communications protocols including those used by email […]
[NOTE: All information was gathered from public websites] Discovering information leakage in files and why it’s important? During the build-up to our recent product launch of “phriendlyphishing.com”, Shearwater Ethical Hacking team (SEH) conducted hefty amounts of research into phishing attacks, and how they are being used to compromise countless individuals, corporations and governments every day. […]