Application Security This Week for January 6

New year, new vulnerabilities.

 

Or old vulnerabilities. How about open redirects, the vulnerability no one cares about other than the bad guys?

https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-class-no-one-but-attackers-cares-about/

 

We gotta look back at The Year That Was.

https://www.theregister.co.uk/2018/12/27/2018_the_year_in_security/

 

Someone cracked reCAPTCHA. Again.

https://github.com/ecthros/uncaptcha2

 

Chrome was leaking device info.  I got caught by this too.

https://threatpost.com/chrome-in-android-leaks-device-fingerprinting-info/140480/

 

Cool research on a malicious JPEG.

https://isc.sans.edu/forums/diary/A+Malicious+JPEG/24490

https://isc.sans.edu/diary/A+Malicious+JPEG%3F+Second+Example/24494

 

That's the news, folks.  Happy new year! Hope to see some of you at CodeMash.

 

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
