Application Security This Week for January 6

0Comments

New year, new vulnerabilities.

 

Or old vulnerabilities.  How about Open Redirects, the vulnerability no one cares about other than the bad guys.

https://stevetabernacle.github.io/blog/open-redirects-the-vulnerability-class-no-one-but-attackers-cares-about/

 

We gotta look back at The Year That Was.

https://www.theregister.co.uk/2018/12/27/2018_the_year_in_security/

 

Someone cracked recaptcha.  Again.

https://github.com/ecthros/uncaptcha2

 

Chrome was leaking device info.  I got caught by this too.

https://threatpost.com/chrome-in-android-leaks-device-fingerprinting-info/140480/

 

Cool research on a malicious jpeg.

https://isc.sans.edu/forums/diary/A+Malicious+JPEG/24490

https://isc.sans.edu/diary/A+Malicious+JPEG%3F+Second+Example/24494

 

That's the news, folks.  Happy new year! Hope to see some of you at CodeMash.

 

By Bill Sempf on January 8, 2019 at 9:37 AM
Tagged:

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

PageList

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList

TagCloud