Archive for December, 2015

Further digging unveils more privacy-destroying features in Red Star OS

Continue reading

This repository includes several binaries from and tools for Red Star OS. These can be used for further research work. Continue reading

A TOP-SECRET document dated February 2011 reveals that British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks, a leading provider of networking and Internet security gear. Continue reading

Shortly after reading my post, Willem Pinckaers pointed out that the reseed_system_prng function sets the global variable system_prng_bufpos to 32. This means that after the first invocation of this function, the for loop right after the reseed call in system_prng_gen_block never executes. Hence, the ANSI X9.31 PRNG code is completely non-functional. Continue reading


The term, “Advanced persistent threat” (APT), has become almost as mainstream as security breaches in everyday news. With a multitude of scary pandas, jackals, lions and spiders to constantly worry about entering your corporate network, it can be hard to understand that there are some basic commonalities required for these advanced threats to gain a foothold in your network. We’ll detail some of the adversary thought process now. Continue reading

In today’s dynamic security world, organizations must understand the benefits of proactively testing their cyber security posture to properly defend against targeted attacks. An effective penetration testing and vulnerability assessment program is a critical component of enterprise security.

Continue reading

Did the NSA knacker ScreenOS? Probably not

Continue reading

To my friends running ScreenOS from Juniper, please review this critical security notice.

Continue reading