Breaking

On the insecurity of math.random and its siblings

During code reviews we often see developers using weak RNGs like math.random() to generate cryptographic secrets. We think it is commonly known that weak random number generators (RNGs) must not be used for any kind of secret and recommend using secure alternatives. I explicitly did not state a specific language yet, because basically every language offers both weak and strong RNGs.

So I asked myself: What if I use a weak RNG to generate a secret? Is it possible to recover the secret from some derived value, like a hash?

Breaking

Research Diary: IP-Cameras

As you probably know, we perform research on a regular basis at ERNW. This post is the first entry in our – Benjamin’s and Pascal’s – research diary. You might already have seen Oliver’s post on setting up a research environment or Brian’s posts on IoT botnets (here and here). With that in mind we want to take a look at one of the market leaders for network camera equipment: AXIS.

Misc

Solving sound issues when using WebEx with Linux and Firefox

Hello everybody,

Some of you might use WebEx in your daily life. And some of you might use Linux (as I and many of us do). However, this combination often results in issues with your PC’s sound or microphone use in a WebEx session.

The problem here is that WebEx won’t run as intended with Firefox and JRE x64. But the solution is quite easy! Use the x86-versions of each.

Probably you don’t want to replace your x64 versions of either of them — and neither do I. So I wrote a little script which helps you to quickly switch to the x86 versions, while you still have the x64 versions installed. And here is how to do it:
