Application Security This Week for February 17

A maintainer of the underlying runtime for Docker and Kubernetes) reported a vulnerability.


Here is a PoC codebase for the above.  Well written too.


Hashcat can now crack any eight chatacter Windows password in two hours.


Interested in Bug Bounties?  Think they are all taken?  Facebook CSRF finding nets $25,000.


And that's the news.

Application Security This Week for February 10

Ullaakut on Reddit posted this toolset: Gorsair, a tool to remotely access the exposed Docker API of vulnerable Docker containers.  Works, too.


Someone already pwned TLS 1.3, for crying out loud.


Cool attack on CORS configuration in mobile devices


RCE in Libreoffice.  Not so free NOW areya?


And that's the news. Stay warm.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.



profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites