Bill Sempf
New year, new vulnerabilities.
Or old vulnerabilities. How about Open Redirects, the vulnerability no one cares about other than the bad guys.
https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-class-no-one-but-attackers-cares-about/
We gotta look back at The Year That Was.
https://www.theregister.co.uk/2018/12/27/2018_the_year_in_security/
Someone cracked recaptcha. Again.
https://github.com/ecthros/uncaptcha2
Chrome was leaking device info. I got caught by this too.
https://threatpost.com/chrome-in-android-leaks-device-fingerprinting-info/140480/
Cool research on a malicious jpeg.
https://isc.sans.edu/forums/diary/A+Malicious+JPEG/24490
https://isc.sans.edu/diary/A+Malicious+JPEG%3F+Second+Example/24494
That's the news, folks. Happy new year! Hope to see some of you at CodeMash.
Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
Tweets by @sempf