"Ben Schmidt" info@narfindustries.com
Narf Industries (NRFIN)
SafeTechs realizes that our clients have files worth protecting, but today, there's no good way to transfer files securely and safely. We're here to help you do it. After years of work, we have created SBTP, a new way to transfer any data you want, and it will be encrypted, stay encrypted, and well outside the reach of any would-be hackers. In addition, we've created a Patent-Pending binary verification tool that will ensure you're running the latest, safest version of SBTP. Today, we've released the beta version of our application, and are offering free accounts on our server for anyone who wants to keep their data safe.
The vulnerability in this CB is loosely based around CVE-2015-0777 in OpenSSH, where a bug in handling reconnections lead to information leakage. By refraining from sending data for 2 seconds after protocol initiation, it is possible to enter a "reconnection" state with special re-transmission logic. Due to various failures to sanitize and validate peer provided data, it is possible to map and disclose uninitialized memory, as well as corrupt heap memory.
Uninitialized memory disclosure Improper bounds checking
CWE-908: Use of Uninitialized Resource CWE-125: Out-of-bounds read CWE-787: Out-of-bounds write
This CB presents a number of rather difficult challenges to would be competitors:
Curated by Lunge Technology, LLC. Questions or comments? Send us email