Application Security This Week for January 17

Breakdown of a malicious app that man-in-the-middled Google Sign-In.

https://blog.usejournal.com/how-i-stole-the-data-in-millions-of-peoples-google-accounts-aa1b72dcc075

 

Good Wired article about tools the fibby uses to get around smartphone encryption.

https://www.wired.com/story/smartphone-encryption-law-enforcement-tools/

 

Oh man, cross-origin images and data leakage. Certainly adding this to my manual testing.

https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/

 

This has been patched, but it's a really good explainer on how the RCE in Office 365 was discovered.

https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html

 

Using game hacking to explain the danger of unsigned code.

https://secret.club/2021/01/12/callout.html

 

Have a great week, folks!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
