David Sopas – Web Security Researcher

Interesting Readings

25/09/15 Interesting Readings, Tips and Tricks

Yahoo! and other sites vulnerable to Open Redirect

A couple of Portuguese security researchers published an article about a vulnerability on LinkedIn and Yahoo! that allows a malicious user to redirect victims to other sites. The problem is (or was) located in a vulnerable version of Express, the Node.js web application framework.

So with a simple modification of the URL you get an Open Redirect attack.

Both Yahoo! attacks are still open and working in the Firefox and Opera browsers.

I found out that many other sites are vulnerable to this attack, including MySpace. Just by searching the official ExpressJS site you can get a list of big companies and start-ups vulnerable to this attack: http://expressjs.com/resources/applications.html

This is an easy fix: just update your Express framework and you’re done!

31/08/15 Interesting Readings

Ashley Madison it’s the final countdown

The final chapter of BinaryEdge’s work on the Ashley Madison attack. Interesting data, and just one small pick from it: the percentage of female [fembots] is incredibly low, 13.8%.


28/08/15 Interesting Readings

Ashley Madison hack and world map data

The guys from BinaryEdge did an excellent job on a world map of the Ashley Madison data. Take a look at their blog post.

Also, the Brian Krebs article about who hacked Ashley Madison is very good: a nice step-by-step investigation by the popular security journalist.


13/08/15 Bug Bounty, Interesting Readings

Interview with Tek Sapo about bug bounty

I was covered in a Portuguese article at Tek Sapo about my bug bounty activities, especially at Cobalt.io.

If you know Portuguese, feel free to take a look: http://tek.sapo.pt/expert/artigo/ha_um_portugues_no_top_de_um_dos_maiores_programas_de_caca_ao_bug-43785gpm.html

Otherwise, translate it with Google.

13/08/15 Interesting Readings

Data, Technologies and Security – Part 1

My Portuguese friends at BinaryEdge published the first part of an interesting article about big and critical data lying around the web.

Take a look at it: http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/

10/08/15 Interesting Readings

Cobalt.io published a nice interview with me

For those who want to know more about me and my work at Cobalt.io, check the interview I gave to their blog.


#kudos to Cobalt.io

09/08/15 Interesting Readings

Drive it like you hack it – Samy Kamkar at Defcon 23

Slides of “Drive It Like You Hacked It”, Samy Kamkar’s talk at Defcon 23. Very cool car hacking talk.

