Latest News
October 12, 2011
In a recent article published on ‘The Register’ [1], Trusteer have attempted to “rebuff[...]” the “bank security bypass claims” apparently made by Digit Security in an article published in the Times [2] on the 1st October 2011. The article is almost exclusively composed of what are presumably quotes from the CEO of Trusteer, Mickey Boodaei. [...] read more read more
September 7, 2011
In the recent 44con security conference held at The Grange Hotel in London UK, Neil Kettle of Digit Security Ltd gave a presentation detailing the design of just one of the protections that Trusteer claim their product, namely Trusteer Rapport is capable of providing users. The information disclosed detailed both the design and implementation of [...] read more read more
July 23, 2011
The first vulnerability advisory, albeit covering many vulnerabilities in and of itself, affecting Securstar DriveCrypt has been released. The vulnerability in question exists due to the improper validation of a user-supplied pointer within a structure passed as argument to the IOCTL interface exported from the globally accessible “\\.\DCR” device. An attacker exploiting this vulnerability may [...] read more read more
Contact Us
Home \ Company Blog

DESLock+ advisory posted, the first, of many

The first vulnerability advisory affecting Data Encryption Systems DESlock+ has been released in the hope that a two and a half year old vulnerability will finally be fixed.

The vulnerability in question exists due to the improper validation of a user-supplied pointer within a structure passed as argument to the IOCTL interface exported from the globally accessible “\\.\DLPTokenWalter0” device. An attacker exploiting this vulnerability may execute arbitrary code with kernel mode privileges, or cause a Denial of Service attack via a page fault caused by an invalid pointer dereference. All version of DESLock+ are affected, including the CESG CCTM (http://www.cctmark.gov.uk/) approved version (v3.2.7), however, it should be noted that whilst Data Encryption Systems Ltd continue to tout the CCTM accreditation, the accreditation itself expired in May 2010.

Data Encryption Systems Ltd received the best “Encryption Solution of the Year” at “The Computing Security Awards 2010″ (http://www.computingsecurityawards.co.uk/).

On February 8, 2011, posted in: News, Research by Neil Kettle | No Comments »

Comments are closed.