In this post I will note down my procedure for coming up with the challenges for SecurityFest CTF. The idea is explaining my side of the creative process in the hope that it can be useful to other people organizing CTFs. I will finish sharing some personal experience on the other stages of the process like difficulty and scoring.
Sigue leyendo Challenge writer Write Up: Security Fest 2018 CTF challs
Today the OpenSSL project has released new versions for the 0.9.8, 1.0.0, 1.0.1 and 1.0.2 branches of the library. My current employer Coresec Systems AB has allowed me to spend some time preparing for the release and documenting a bit the issues and possible work arounds.
In this blogpost I will release some of the insights on what I have found about these issues, the risks they carry and, when possible, how they may be worked around if patching is impossible for you. This information is still provisional pending a full code analysis of the issues. Anyways, patched versions are better than any workaround to mitigate the problem so upgrading is not only recommended but a better solution.
Sigue leyendo March 2015’s OpenSSL releases and security advisory