POODLE Advisory
What is POODLE? POODLE stands for Padding Oracle On Downgraded Legacy Encryption. Vulnerability CVE: CVE-2014-3566. What is the attack? The […]
Introduction In the last post we saw how the recent bash vulnerability can be remotely exploited in a variety of […]
Introduction A remotely exploitable vulnerability was discovered by Stephane Chazelas of Akamai in the GNU Bash command shell. The vulnerability […]
During a recent engagement, we were asked to test the security level of an application white-listing solution deployed on the […]
Recently, I found an interesting issue qualifying on Yahoo! Pipes. But before going into the details of this specific issue, […]
Objectives of IT legislation in India The Government of India enacted its Information Technology Act 2000 with the objectives stating […]
During a routine penetration testing engagement, we found an IIS webserver with HTTP methods (verbs) like PUT and DELETE enabled […]
Heartbleed Advisory & FAQ Please find below a quick FAQ on the Heartbleed vulnerability and what you can do to address […]
Most large organizations provide wireless facilities for their guests, who may include vendors, consultants, business associates, employees from other regions […]
It is a common technique for criminals to target gaming applications as a propagation vector for malware distribution. Recently, I observed just such a malicious Android app, which acted as an interesting information stealer and then self-destructed. I took up this case for further investigation as an interesting piece of research.