Technical Analysis – Page 7

Unfulfilled Expectations: Revoked Certificates in JAR Signing

Written by Marc Nimmerrichter on 26.08.202026.01.2021

Oracle JarSigner does not check CRLs In April 2020 we became aware of a conceptual security issue in the Java JarSigner. The JarSigner does not check ...

Analysis of Crypto used by AppVeyor Secure Variables

Written by Marc Nimmerrichter on 26.03.202026.01.2021

We recently investigated AppVeyor’s “secure variables” (aka “Encrypt YAML”) feature. We wanted to understand the crypto and algorithms it uses (which is not documen ...

Manipulating Signed Docker Images

Written by Marc Nimmerrichter on 26.02.202026.01.2021

Docker Content Trust (DCT) is Docker’s mechanism for code signing. Developers can sign images they create and people using these images can verify if they have b ...

Citrix NetScaler CVE-2019-19781

Written by Marc Nimmerrichter on 17.01.202026.01.2021

Vulnerability CVE-2019-19781 in Citrix NetScaler has been a pain for organizations' IT departments for the last two weeks and it still keeps us busy supporting our ...