You want to know more about our services and our approach in detail? In our white paper, you will find an in depth description of how we will perform a test in your company, which tools we are going to use, and which circumstance are necessary in order to realize an efficient and successful security assessment. If you like to receive our white paper in print, do not hesitate to send en email to firstname.lastname@example.org including your name and postal address.
SySS GmbH deals with security issues in a responsible way. In the form of a security advisory we report security vulnerabilities which are not in products of our customers and which are not excluded from public disclosure due to contractual agreements with vendors.
The security advisory contains detailed information about the found vulnerability that allows the vendor to reproduce and further investigate the reported security issue. Vulnerabilities will be disclosed to the public if a solution was published by the vendor or 45 days after the initial report by the SySS GmbH, regardless of the vulnerability status, for example if there is a patch or workaround from the affected vendor. In well-founded exceptional cases, this standard procedure may not be followed and an alternative, adjusted publication schedule will be negotiated with the vendor.
The goal of our Responsible Disclosure Policy is, to weigh up the need of the public to know of security vulnerabilities against the vendor’s time to remedy all security issues effectively. The final publication schedule will be based on the best interests of the community overall, considering both positions. Before the responsible disclosure of a security vulnerability, the SySS GmbH allows vendors the opportunity to analyze reported security issues, to develop effective countermeasures, and to test them thoroughly.
How to Bypass the Password-Based Authentication for Unloading Kaspersky Endpoint Security 10 for Windows and other Endpoint Protection Software Products as a Limited User, an article by Matthias Deeg and Sven Freund
A security vulnerability in the software component McAfee Security Agent, which is part of the antivirus software McAfee VirusScan Enterprise, can be leveraged in attacks against corporate networks. An article by Matthias Deeg and Sebastian Schreiber
The SySS GmbH cracked a hardware-encrypted FIPS 140-2 certified USB flash drive from SanDisk. An article by Matthias Deeg and Sebastian Schreiber (available in English and German)