Application Security This Week for January 27

by Bill Sempf 27. January 2019 13:29

Here's a thread by Michael Stanek about how bad 7-zip's encryption algorithm is.  I use this all the time and had no idea.


An exploit POC that Mark Haase wrote for the new SCP vulnerability.


Hadoop is the new target for a lot of malware.  Please stop leaving your clusters vulnerable.


Chrome is turning off the API that UBlock Origin uses. Makes sense - Chrome is free, Google is an ad company. Whatcha gonna do?


While you're here, the Central Ohio Infosec Summit has their annual Call For Papers open.  Submit!


And that's the news.


Application Security This Week for January 20

by Bill Sempf 20. January 2019 14:35

A 773 million record file of usernames and passwords discovered


Google releases a tool to help with TLS certificate management


Really cool attack discovered using zero width spaces


DNS Hijacking on the rise


Late addition: Watch your password control logic, please!


That's the news, folks.


Application Security This Week for January 6

by Bill Sempf 8. January 2019 09:37

New year, new vulnerabilities.


Or old vulnerabilities.  How about Open Redirects, the vulnerability no one cares about other than the bad guys.


We gotta look back at The Year That Was.


Someone cracked recaptcha.  Again.


Chrome was leaking device info.  I got caught by this too.


Cool research on a malicious jpeg.


That's the news, folks.  Happy new year! Hope to see some of you at CodeMash.




Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

Find me on Mastodon

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites