Luis Grangeia and I talked to the Portuguese media outlet Tek Sapo about Anonymous and terrorism. Worth taking a look at the article. [Portuguese only]
Slides from Hack.lu can now be downloaded at http://2015.hack.lu/archive/2015/ Enjoy!
Trustwave disclosed a security report on an SQL injection in the popular CMS Joomla! that results in full administrative access. Awesome work! https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/
I want to share an interesting read that I noticed when searching Mr. G for Ruby security. I still haven't finished reading it for lack of time, but this weekend it will be on my to-do list. Paper: http://phrack.org/papers/attacking_ruby_on_rails.html
Interesting read about security bug bounties, written by Eduardo Vela – http://sirdarckcat.blogspot.pt/2015/09/not-about-money.html You've got to love this part: It is my view, that we shouldn't call them "Bug Bounty Programs", I would like them to be called "Bug Hunter Appreciation Programs". I don't like the term "Bug Bounty", because bounty sounds a lot like it's money…
A couple of Portuguese security researchers published an article about a vulnerability in LinkedIn and Yahoo! that allows a malicious user to redirect victims to other sites. The problem is/was located in a vulnerable version of Express, the Node.js web application framework. So with a simple modification of the URL you get an Open Redirect…
The final chapter of BinaryEdge's work on the Ashley Madison attack. Interesting data, and just one small pick from it: the percentage of female [fembots] is incredibly low – 13.8%. http://blog.binaryedge.io/2015/08/31/ashley-madison-a-conclusive-analysis/
The guys from BinaryEdge did an excellent job on a world map of the Ashley Madison data. Take a look at their blog post. Also the Brian Krebs article about who hacked Ashley Madison is very good. Nice step-by-step investigation by the popular security journalist.
I was covered in a Portuguese article for Tek Sapo about my bug bounty activities, especially at Cobalt.io. If you know Portuguese, feel free to take a look: http://tek.sapo.pt/expert/artigo/ha_um_portugues_no_top_de_um_dos_maiores_programas_de_caca_ao_bug-43785gpm.html Otherwise, translate it with Google.
My Portuguese friends at BinaryEdge published the first part of an interesting article about big and critical data lying around the web. Take a look at it at http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/