Collaborate Disseminate
A Kansas City man is accused of hacking into local businesses, not to steal money, but to… get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what’s happened to their sensitive genetic data. And Austral… Continue reading Smashing Security podcast #395: Gym hacking, disappearing DNA, and a social lockout
In my Cryptography & Network Security course, my professor mentioned that you can "knock off" a station of a network by abusing the timings of the exponential off algorithm used in CSMA/CD and CSMA/CA. He explains that the at… Continue reading Can exponential back-off be abused to "knock off" a station off a network?
A disgruntled former Disney employee is facing charges that he hacked into the company’s restaurant menu systems and wreaked havoc on its digital displays that could have potentially put lives at risk.
Read more in my article on the Hot for Security… Continue reading Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information
WordPress’s emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege fro… Continue reading Smashing Security podcast #389: WordPress vs WP Engine, and the Internet Archive is down
Cloudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.)
News article.
Continue reading Largest Recorded DDoS Attack is 3.8 Tbps
ForeScout said one of them warranted rating at the maximum severity level, although DrayTek has issued patches.
The post Research reveals vulnerabilities in routers that left 700,000-plus exposed appeared first on CyberScoop.
Continue reading Research reveals vulnerabilities in routers that left 700,000-plus exposed
About a year ago, my reCAPTCHA for creating uers seemed to get completely bypassed by a hacker, who created thousands of users in a small time frame, here are checks I did:
I reviewed all the queries that insert new entries into my databa… Continue reading My reCAPTCHA got bypassed
I have an API which is protected by AWS Cloudfront. I found a ReDos in one of my API Endpoints. The endpoint looks like this:
https://mywebsite.com/api/myendpoint?apikey=xxxx&namefilter=yyyy
The user specifies the apiKey and a namefilt… Continue reading ReDOS – Vulnerability found, but DOS not possible
Is it possible to prevent SAE-PK-respecting WiFi clients from connecting to a real AP that doesn’t use SAE-PK by planting an AP that broadcasts the "SAE-PK Passwords Used Exclusively" bit with the same SSID? Potential clients mig… Continue reading Can an evil AP prevent real connections by claiming SAE-PK is needed?
Cloudflare reports on the state of applications security. It claims that 6.8% of Internet traffic is malicious. And that CVEs are exploited as quickly as 22 minutes after proof-of-concepts are published.
News articles.
Continue reading Nearly 7% of Internet Traffic Is Malicious