Week 10 In Review – 2017

Techniques
Hacking Unicorns with Web Bluetooth - Researchers discovered an unsecured MongoDB server that exposed sensitive CloudPets customer data. My research focused on the toy itself, in particular some issues we found with its Bluetooth LE connectivity and features.
Still Passing the Hash 15 Years Later - So I first thought about it [...]

Week 11 In Review – 2015

Resources
A Primer on IoT Security Research – In this blog post Mstanislav would like to give a high-level sense of what IoT security research often entails. This post is intended for the casual security researcher, or even IoT vendor, who wants to know what this research looks like, and where to get started.
ElasticSearch CVE-2015-1427 [...]

Week 51 in Review – 2012

Resources
Nils Jünemann: News about Google's Vulnerability Reward Program - Recently Adam Mein spoke at AppSec USA 2012 and Kevin Stadmeyer at SysScan 360 in Beijing about Google's experience with the Web Vulnerability Reward Program. Both are Security Program Managers at Google.
Techniques
5 Tips to Ensure Safe Penetration Tests with Metasploit - [...]

December 24th, 2012 | Security Vulnerabilities, Week in Review

Google’s Free Web Security Assessment Tool

Yesterday, Google released their open-source passive web application security assessment tool called ratproxy. This utility, developed by our information security engineering team, is designed to transparently analyze legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern. The proxy analyzes problems such as cross-site script [...]

July 3rd, 2008 | Security Tools

Google’s Safe Browsing Diagnostic Tool

Niels Provos mentioned it at today's Web 2.0 Security and Privacy workshop, and somehow everyone I knew missed Google's official announcement last week of the safe browsing diagnostic page. So what type of information is given back to the user? What is the current listing status for [the site in question]? We display the current [...]

May 22nd, 2008 | Security Tools