ibility to constantly increase the bar and with the use of all
available technological means.
Thank you.
Best Regards,
Adam Gowdiak
--
Security Explorations -
AG Security Research Lab
https://security-explor
in a
more in-depth understanding of Microsoft PlayReady technology
operation and its limitations. We hope it helps others avoid some
mistakes too.
Thank you.
Best Regards,
Adam Gowdiak
--
Security Explorations -
AG Security Research La
of a content key.
In the context of no confirmation / denial [4] from the platforms
indicated above as being affected, the crypto check should constitute
sufficient proof to support that claim alone.
Thank you.
Best Regards,
Adam Gowdiak
--
Security Explorations
s 10 and 11 x64 systems across
various builds
from late 2022 till Mar 2024 (systems without and with HW DRM capability).
Thank you.
Best Regards,
Adam Gowdiak
------
Security Explorations -
AG Security Research Lab
https://security-explorations.com
lt is not to inform vendors about security findings
anymore and to disclose the results of research to the public without
prior notification.
Thank you.
Best Regards,
Adam Gowdiak
-
Security Explorations - AGSecRec Lab
https://security-explorations.com
---
et me say that Oracle, which had tons of reasons to ignore
my person has always delivered a response to my inquiry...
Thank you.
Best Regards,
Adam Gowdiak
--
Security Explorations -
AG Security Research Lab
https://security-explorations.com
---
Hello,
Microsoft PlayReady is one of the key technologies used by PayTV
industry and OTT platforms for Digital Rights Management and content
security in general. According to Microsoft, PlayReady Server SDK has
several hundred service provider licensees.
Security Explorations conducted security
Hello All,
On Mar 20, 2019 Security Explorations reported a security vulnerability
(Issue 19) to Gemalto [1], that made it possible to achieve read, write
and native code execution access on company's card (GemXplore 3G v3.0).
On Mar 30, 2019, Gemalto provided is with the results o
eys or existence of some other
means facilitating it (a vulnerability in card OS, installed applications,
exposed interfaces, etc.). Such scenarios cannot be excluded though.
On Mar 20 2019, Security Explorations sent vulnerability notices to Oracle
and Gemalto containing detailed information abo
-
Security Explorations
http://www.security-explorations.com
"We bring security research to a new level"
-
W dniu 22.01.2019 o 11:21, Security Explorations pisze:
Hello All,
The report presenting the results of our S
e art.
Thank you.
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research to a new level"
-
References:
[1] NC+
https://ncplus.p
igned with content providers).
In that context, we see no reason to continue keeping SRP-2018-01 material
under wraps.
Thank you.
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research
rmation to general public (vulnerable chipset models, whether
vulnerable IP is used in other products, possible remediation steps, etc).
Security Explorations will continue engaging various entities such as
US-CERT
in a goal to acquire accurate information pertaining to the impact and
addressing
o
Hello Nicolas,
I have such a contact - I'll reply to you privately.
Thank you very much for your prompt response and for providing
us with this contact information. We do appreciate it.
--
Best Regards,
Adam Gowdiak
-
Security Explorations
TB
devices vulnerable to STMicroelectronics flaws, please let us know.
Thank you.
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research
Hello All,
Today, Security Explorations sent an official inquiry to NC+ operator
regarding the replacement process of set-top-box devices conducted by
the company in Poland (whether STBs vulnerable to STMicroelectronics
vulnerabilities are replaced, whether the replacement process is
required
sage from 01-Feb-2012".
Thank you.
--
Best Regards,
Adam Gowdiak
-----
Security Explorations
http://www.security-explorations.com
"We bring security research to a new level"
-
References:
[1] NC
am Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
-
___
Sent through the Full Disclosure mailing list
http
further upon finding out
that package access restrictions introduced in their internal build
of Java blocked our POC code for Issue 70.
Thank you.
--
Best Regards,
Adam Gowdiak
-----
Security Explorations
http://www.security-explorations.com
"We brin
-3009 identifier strings appears).
Thank you.
--
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
-
Reference
am Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
-
References:
[1] IBM developer kits
http://www.ibm.com/developerworks/java/jdk/
Hello All,
On Mar 07, 2016 Security Explorations modified its Disclosure Policy [1].
As a result, we do not tolerate broken fixes any more. If an instance
of a broken fix for a vulnerability we already reported to the vendor
is encountered, it gets disclosed by us without any prior notice.
The
Hello All,
On Jun 30, 2015 Security Explorations reported a security vulnerability
(Issue 42 assigned CVE-2015-4871) to Oracle affecting Java SE 7 [1].
In our original report [2], we indicated that the vulnerability had its
origin in klassItable::initialize_itable_for_interface method
bit.
Thank you.
Best Regards,
Adam Gowdiak
-----
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
-
References:
[1] The Java Virtual Machine Specification, Java SE 7 Edition
http://docs.oracle
es, Oracle claimed that
"it occasionally allowed the patches to be released the end of the month
when the CPU was issued [9]. As a result some of these patches have been
delayed".
Thank you.
Best Regards,
Adam Gowdiak
-
Security Exploratio
Hello All,
Security Explorations decided to release technical details as well as
accompanying Proof of Concept codes (three complete GAE Java sandbox
escapes) for security issues identified in Google App Engine for Java
after initial Issues 1-31 [1] have been addressed by the company. All
Hello All,
Security Explorations released technical details and POC codes for
additional security vulnerabilities found in Google App Engine for
Java. All relevant materials can be found at our SE-2014-02 project
details page:
http://www.security-explorations.com/en/SE-2014-02-details.html
ment in Google's own yard.
Thank you.
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
-
References:
[1] Secur
ccount and making it possible to complete our project.
We really appreciate it.
Thank you.
Best Regards,
Adam Gowdiak
-----
Security Explorations
http://www.security-explorations.com
"We bring security
share the results of our research with the security community.
Thank you.
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
-
as an indirect
acknowledgment of
a Java security mess spilling beyond the usual victim (applets / browser
plugin).
Thank you.
Best Regards,
Adam Gowdiak
-
Security Explorations
http://www.security-exploration
nts. Java security issues can pose a significant security
risk to any software that relies on a vulnerable Java VM implementation
processing untrusted, potentially malicious Java code.
Oracle Database is no exceptions here.
Thank you.
Best Regards,
Adam Gowdiak
-
Hello All,
Security Explorations discovered multiple security issues in the
implementation
of a Java VM embedded in Oracle Database software [1].
Discovered security issues violate many "Secure Coding Guidelines for the
Java Programming Language" [2]. Most of them demonstrate a
On 2014-04-01 10:40, Security Explorations wrote:
We take this opportunity to encourage all customers of Oracle Java Cloud
Service that signed up for the service between Jun 2012 and Jan 2013 in
either US1 or EMEA1...
It looks April Fools' Day is playing with us too...There is some
Hello All,
Security Explorations decided to release technical details and
accompanying Proof of Concept codes for security vulnerabilities
discovered in the environment of Oracle [1] Java Cloud Service
[2]. All relevant materials can be found at the following location:
http://www.security
35 matches
Mail list logo