Happy Holidays

It is the end of the year already. Whatever you are planning for the next few weeks, X41 wishes you a lot of fun!

For X41 2024 started with the release of the results of our BIND9 DNS server audit we performed for ISC.

Unfortunately, our CVSS calculator product is still in the quality assurance phase, but we expect a release very very soon ;-)

Our team member Yasar identified issues in the way the Chilkat library generates random numbers. These had a direct impact on the way the ginlo messenger generates encryption keys. Since attackers can reconstruct the state of the random number generator in some scenarios and re-generate the secret keys, Yasar presented his work at Hacktivity and GreHack.

During the summer, an OSTIF sponsored audit report for Cyclone DDS was published.

Similar to 2017, X41 had a peek at Antragsgrün, a voting software used by political parties.

December was a busy month again at X41. First, the report for a code audit on Mullvad VPN was released, which hightlighted some security issues in the popular VPN software.
Shortly afterwards, we could release our report on a Spotify Backstage audit sponsored by the great OSTIF.

For us, 2025 begins in Goa, where Markus and Eric will hold a training on how to discover security vulnerabilies at Nullcon.

About X41 D-Sec GmbH

X41 D-Sec GmbH is an expert provider for application security services. Having extensive industry experience and expertise in the area of information security, a strong core security team of world class security experts enables X41 to perform premium security services.

Fields of expertise in the area of application security are security centric code reviews, binary reverse engineering and vulnerability discovery. Custom research and a IT security consulting and support services are core competencies of X41.