Tag

Hacking

Browsing

by @bo0om, Wallarm Research Caching is a great technology practice. It makes life better for everybody — clients get the data faster, servers expend fewer resources and so on. There is even a whole CDN industry that was built to deliver caching as a service. There are many examples of caching configuration and tuning, but what I would like to talk about today are possible vulnerabilities in the caching techniques and methodology. Some environments are configured in…

New Drupal Vulnerability in Detail By @aLLy The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user execute commands in the target system by means of a single request. The problem is further aggravated by the fact that it puts all the most current versions of the application (7.x and 8.x branches, up…

by bo0om, Wallarm Research I’ve previously published an article about using Safari to compromise a computer file system. Unfortunately, there are more issues with Safari as we are now finding out. In this post, we will take a look at the possibility of a XSS exploit and a cookie compromise stemming from “unusual” Safari behavior. Normal browsers and their DNS requests. What does a browser do to open a web page? First, it sends a…

It is that time of year again when we collectively conjure up ghosts, witches, monsters and other frightening characters for Halloween chills. As children, these scary fiends may have terrified us, but not so much anymore. Yet as adults, we certainly have genuine horror stories that keep us awake at night still, especially if you are an IT manager. To quote the famous line in the 1983 film version of the Twilight Zone, “Do you…

143 million U.S. consumers, Equifax.com users who may have been affected by the the worst data breach in history are receiving all sorts of advice (including a free TrustedID product license from Equifax). But despite numerous public reports about the incident, there are still many important questions left unanswered. Among the most important ones: how do we minimize the risk of similar incidents in the future? Let’s take a closer look at what we know…

by Ivan Novikov Image by Byseyhanla (Own work) [CC BY-SA 4.0, article re-posted from https://medium.com/@d0znpp/top-5-stupid-security-mistakes-in-web-apps-2f26f52ebfaa In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used be script kiddies as well as by fully automated scanners and internal security checks. Let’s go! Apache to Nginx migration configuration files disclosure. Just don’t…