SAKURITY

"We've been working closely with Sakurity to identify key weaknesses within our app. Sakurity is an industry leader in identifying OAuth weaknesses. They've helped us to identify and resolve potential security holes such as XSS, account hijacking, and access token leaking." Sunil Sadasivan, CTO, Duo Security.

SAKURITY

OAuth by Sakurity. OAuth by Sakurity is a significantly more secure and simpler authorization protocol than the official one. It fixes huge security and usability gaps in the design (read the section below on how OAuth2 was vulnerable to every possible attack) and only takes 5 minutes to understand how it works.

SAKURITY

We learn high-level details about your project and stack (programming languages, framework/CMS, OS). Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review, etc. Meanwhile you can prepare and sign a contract, NDA and other documents if you need them. We thoroughly inspect your codebase for issues and

THE SAKURITY BLOG

Dec 10, 2016 • Egor Homakov • Building Botnet on ServiceWorkers
Apr 16, 2016 • Egor Homakov • PrepCAPTCHA, for bots and pentesters
Aug 13, 2015 • Egor Homakov • Using Appcache and ServiceWorker for Evil

BUILDING BOTNET ON SERVICEWORKERS

Even that simple trick is overcomplicated: hundreds of lines of code to get started, dependence on FCM, etc. Put sw.js on the server, register a worker on the client side, wait for a Promise, then call serviceWorkerRegistration.pushManager.getSubscription(), extract the endpoint and registration_id, and save those on the server.

HACKING STARBUCKS FOR UNLIMITED COFFEE

We do penetration testing, source code auditing and vulnerability assessments.

HACKING PUSHER WITH SIMPLE CRYPTO VULNERABILITY

Hacking Pusher with simple crypto vulnerability. A specially crafted "socket_id" parameter could get us a valid auth for any private Pusher channel of your application, and even forge any requests to the Pusher API on behalf of your application if it has an authentication endpoint.

YOUR API AUTHENTICATION IS INSECURE, AND WE'LL TELL YOU WHY

Your API Authentication is insecure, and we'll tell you why. 3 days ago I reported a critical JSONP+CSRF vulnerability on all Spree Commerce API endpoints. The Instagram API was vulnerable to CSRF. Disqus, Stripe and Shopify APIs were leaking private data via JSONP. All that happened because they were not using Hybrid API Authentication properly. This post is a must read for every API developer.

PUZZLE #2: REALLY CURIOUS XSS IN RAILS

Puzzle #2: Really Curious XSS in Rails. I've seen this code quite a few times in app/views: $.get(location.pathname+'?something'). It reads the current pathname and requests it with some parameters, or loads some extra JSON data, or adjusts search filters. Lots of use cases. 100% innocent code, isn't it?

USING OPEN-URI? CHECK YOUR CODE

Using open-uri? Check your code - you're playing with fire! Ruby's OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it's the most popular way to read URL content, make a GET request or download a file.
SAKURITY

OAuth by Sakurity & Security Cheatsheet.
Hacking Github with Webkit.
Ruby regexp pitfalls.
RJS is a vulnerability in multiple Rails apps.
How I hacked Github again.
Routing bug: "match" in rails.
How we hacked Facebook with OAuth2 and Chrome bugs.
Cookie "Bomb".
Content Security Policy, for evil.

HACKING A BITCOIN EXCHANGE

The first issue is that Random.rand is based on a PRNG (Mersenne Twister), which is easily predictable once you have enough subsequently generated numbers. The second issue is that rand(9) can only generate numbers from 0 to 8, so the total number of combinations is 9^6 = 531441, almost half of 1,000,000 and twice as easy to bruteforce as App 2FA. With the tricks outlined above we can bypass

USING APPCACHE AND SERVICEWORKER FOR EVIL

Using Appcache and ServiceWorker for Evil. You're a bad guy and you just hacked a website. Normally you leak the database and leave. The owner fixes everything next

HOW TO FIX AUTHENTICATION: EMAIL AS A PASSWORD MANAGER

How to Fix Authentication: Email as a Password Manager. UPDATE: Email-only auth from 2012. Some great links on the same idea. It's absolutely no news that passwords are broken because human beings physically cannot create and remember hundreds of unique passwords.

RECONNECT - CRITICAL BUG IN WEBSITES WITH FACEBOOK LOGIN

RECONNECT - critical bug in websites with Facebook Login. RECONNECT is a ready-to-use tool to hijack accounts on websites with Facebook Login, for example Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and many others. Feel free to copy and modify its source code. Facebook refused to fix this issue one year ago; unfortunately it's time to take it to the next level

FORMAT INJECTION VULNERABILITY IN DUO SECURITY WEB SDK

Format Injection Vulnerability in Duo Security Web SDK. Format Injection is not a new bug, but it was never described as a subclass of A1 Injection. You probably already hate me for giving it a name (at least I didn't create a logo!) but calling it an "injection" is too general.

PREPCAPTCHA, FOR BOTS AND PENTESTERS

PrepCAPTCHA, for bots and pentesters. The iframe bug in No CAPTCHA was fixed a long time ago, and now reCAPTCHA 2.0 is pretty secure and widespread. Bypassing it also got a lot harder: now it requires many solutions in a row, making bruteforce infeasible.
CTO, Duo Security. We’ve been working closely with Sakurity to identify key weaknesses within our app. Sakurity is industry leader in identifying oauth weaknesses. They've helped us to identify and resolve potential security holes such as xss, account hijacking, and access token leaking. Sunil Sadasivan.SAKURITY
OAuth by Sakurity. OAuth by Sakurity is significantly more secure and simple authorization protocol than official one. It fixes huge security and usability gaps in design (read the section below how OAuth2 was vulnerable to every possible attack) and only takes 5 minutes to understand how it works.SAKURITY
We learn high-level details about your project and stack (programming languages, framework/CMS, OS) Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review etc. Meanwhile you can prepare and sign contract, NDA and other documents if you need them. We thorougly inspect your codebase for issues andTHE SAKURITY BLOG
Dec 10, 2016 • Egor Homakov ()Building Botnet on ServiceWorkers; Apr 16, 2016 • Egor Homakov ()PrepCAPTCHA, for bots and pentesters; Aug 13, 2015 • Egor Homakov ()Using Appcache and ServiceWorker for Evil BUILDING BOTNET ON SERVICEWORKERS Even that simple trick is overcomplicated - hunders of lines of code to get started, dependance on FCM etc. Put sw.js on the server, register a worker on the client side, wait for a Promise, then serviceWorkerRegistration.pushManager.getSubscription (), extract endpoint and registration_id, save those on the server. HACKING STARBUCKS FOR UNLIMITED COFFEE We do penetration testing, source code auditing and vulnerabilityassessments
HACKING PUSHER WITH SIMPLE CRYPTO VULNERABILITY Hacking Pusher with simple crypto vulnerability. Specially crafted “socket_id” parameter could get us a valid auth for any private Pusher channel of your application and even forge any requests to Pusher API on behalf of your application if it has authenticationendpoint
YOUR API AUTHENTICATION IS INSECURE, AND WE'LL TELL YOU WHY Your API Authentication is insecure, and we'll tell you why. 3 days ago I reported Spree Commerce critical JSONP+CSRF vulnerability on all API endpoints.Instagram API was vulnerable to CSRF.Disqus, Stripe and Shopify APIs were leaking private data via JSONP.All that happened because they were not using Hybrid API Authentication properly.. This post is a must read for every API developer. PUZZLE #2: REALLY CURIOUS XSS IN RAILS Puzzle #2: Really Curious XSS in Rails. I’ve seen this code quite a few times in app/views: $.get (location.pathname+'?something'). It reads current pathname and requests it with some parameters or loads some extra JSON data. Or adjusts search filters. Lots of use cases. 100% innocent code, isn’t it? USING OPEN-URI? CHECK YOUR CODE Using open-uri? Check your code - you're playing with fire! Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file.SAKURITY
CTO, Duo Security. We’ve been working closely with Sakurity to identify key weaknesses within our app. Sakurity is industry leader in identifying oauth weaknesses. They've helped us to identify and resolve potential security holes such as xss, account hijacking, and access token leaking. Sunil Sadasivan.SAKURITY
OAuth by Sakurity. OAuth by Sakurity is significantly more secure and simple authorization protocol than official one. It fixes huge security and usability gaps in design (read the section below how OAuth2 was vulnerable to every possible attack) and only takes 5 minutes to understand how it works.SAKURITY
We learn high-level details about your project and stack (programming languages, framework/CMS, OS) Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review etc. Meanwhile you can prepare and sign contract, NDA and other documents if you need them. We thorougly inspect your codebase for issues andTHE SAKURITY BLOG
Dec 10, 2016 • Egor Homakov ()Building Botnet on ServiceWorkers; Apr 16, 2016 • Egor Homakov ()PrepCAPTCHA, for bots and pentesters; Aug 13, 2015 • Egor Homakov ()Using Appcache and ServiceWorker for Evil BUILDING BOTNET ON SERVICEWORKERS Even that simple trick is overcomplicated - hunders of lines of code to get started, dependance on FCM etc. Put sw.js on the server, register a worker on the client side, wait for a Promise, then serviceWorkerRegistration.pushManager.getSubscription (), extract endpoint and registration_id, save those on the server. HACKING STARBUCKS FOR UNLIMITED COFFEE We do penetration testing, source code auditing and vulnerabilityassessments
HACKING PUSHER WITH SIMPLE CRYPTO VULNERABILITY Hacking Pusher with simple crypto vulnerability. Specially crafted “socket_id” parameter could get us a valid auth for any private Pusher channel of your application and even forge any requests to Pusher API on behalf of your application if it has authenticationendpoint
YOUR API AUTHENTICATION IS INSECURE, AND WE'LL TELL YOU WHY Your API Authentication is insecure, and we'll tell you why. 3 days ago I reported Spree Commerce critical JSONP+CSRF vulnerability on all API endpoints.Instagram API was vulnerable to CSRF.Disqus, Stripe and Shopify APIs were leaking private data via JSONP.All that happened because they were not using Hybrid API Authentication properly.. This post is a must read for every API developer. PUZZLE #2: REALLY CURIOUS XSS IN RAILS Puzzle #2: Really Curious XSS in Rails. I’ve seen this code quite a few times in app/views: $.get (location.pathname+'?something'). It reads current pathname and requests it with some parameters or loads some extra JSON data. Or adjusts search filters. Lots of use cases. 100% innocent code, isn’t it? USING OPEN-URI? CHECK YOUR CODE Using open-uri? Check your code - you're playing with fire! Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file.SAKURITY
We learn high-level details about your project and stack (programming languages, framework/CMS, OS) Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review etc. Meanwhile you can prepare and sign contract, NDA and other documents if you need them. We thorougly inspect your codebase for issues andSAKURITY
OAuth by Sakurity & Security Cheatsheet. Hacking Github with Webkit. Ruby regexp pitfalls. RJS is a vulnerability in multiple Rails apps. How I hacked Github again. Routing bug: "match" in rails. How we hacked Facebook with OAuth2 and Chrome bugs. Cookie "Bomb". Content Security Policy, for evil. HACKING A BITCOIN EXCHANGE First issue is Random.rand is based on PRNG (Mersenne Twister) which is easily predictable once you have enough subsequently generated numbers.. Second issue is rand(9) can only generate numbers from 0 to 8 so total number of combinations will be 9^6=531441 almost twice less than 1,000,000 and twice easier to bruteforce than App 2FA.. With tricks outlined above we can bypass PUZZLE #2: REALLY CURIOUS XSS IN RAILS Puzzle #2: Really Curious XSS in Rails. I’ve seen this code quite a few times in app/views: $.get (location.pathname+'?something'). It reads current pathname and requests it with some parameters or loads some extra JSON data. Or adjusts search filters. Lots of use cases. 100% innocent code, isn’t it? USING APPCACHE AND SERVICEWORKER FOR EVIL Using Appcache and ServiceWorker for Evil. You’re a bad guy and you just hacked a website. Normally you leak the database and leave. The owner fixes everything next HOW TO FIX AUTHENTICATION: EMAIL AS A PASSWORD MANAGER How to Fix Authentication: Email as a Password Manager. UPDATE: Email-only auth from 2012. Some great links on the same idea. It’s absolutely no news that passwords are broken because human beings physically cannot create and remember hundreds of unique passwords. USING OPEN-URI? CHECK YOUR CODE Using open-uri? Check your code - you're playing with fire! Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file. RECONNECT - CRITICAL BUG IN WEBSITES WITH FACEBOOK LOGIN RECONNECT - critical bug in websites with Facebook Login. 
RECONNECT is a ready to use tool to hijack accounts on websites with Facebook Login, for example Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and many others. Feel free to copy and modify its source code. Facebook refused to fix this issue one year ago, unfortunately it’s time to take it to the next level FORMAT INJECTION VULNERABILITY IN DUO SECURITY WEB SDK Format Injection Vulnerability in Duo Security Web SDK. Format Injection is not a new bug, but it was never described as a subclass of A1 Injection.You probably already hate me for giving it a name (at least I didn’t create a logo!) but calling it an “injection” istoo general.
PREPCAPTCHA, FOR BOTS AND PENTESTERS PrepCAPTCHA, for bots and pentesters. The iframe bug in No CAPTCHA was fixed long time ago, and now reCAPTCHA 2.0 is pretty secure and widespread. Bypassing it also got a lot harder, now it requires many solutions in a row, making bruteforce infeasible.SAKURITY
CTO, Duo Security. We’ve been working closely with Sakurity to identify key weaknesses within our app. Sakurity is industry leader in identifying oauth weaknesses. They've helped us to identify and resolve potential security holes such as xss, account hijacking, and access token leaking. Sunil Sadasivan.SAKURITY
OAuth by Sakurity. OAuth by Sakurity is significantly more secure and simple authorization protocol than official one. It fixes huge security and usability gaps in design (read the section below how OAuth2 was vulnerable to every possible attack) and only takes 5 minutes to understand how it works.SAKURITY
We learn high-level details about your project and stack (programming languages, framework/CMS, OS) Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review etc. Meanwhile you can prepare and sign contract, NDA and other documents if you need them. We thorougly inspect your codebase for issues andTHE SAKURITY BLOG
Dec 10, 2016 • Egor Homakov ()Building Botnet on ServiceWorkers; Apr 16, 2016 • Egor Homakov ()PrepCAPTCHA, for bots and pentesters; Aug 13, 2015 • Egor Homakov ()Using Appcache and ServiceWorker for Evil BUILDING BOTNET ON SERVICEWORKERS Even that simple trick is overcomplicated - hunders of lines of code to get started, dependance on FCM etc. Put sw.js on the server, register a worker on the client side, wait for a Promise, then serviceWorkerRegistration.pushManager.getSubscription (), extract endpoint and registration_id, save those on the server. HACKING STARBUCKS FOR UNLIMITED COFFEE We do penetration testing, source code auditing and vulnerabilityassessments
HACKING PUSHER WITH SIMPLE CRYPTO VULNERABILITY Hacking Pusher with simple crypto vulnerability. Specially crafted “socket_id” parameter could get us a valid auth for any private Pusher channel of your application and even forge any requests to Pusher API on behalf of your application if it has authenticationendpoint
YOUR API AUTHENTICATION IS INSECURE, AND WE'LL TELL YOU WHY Your API Authentication is insecure, and we'll tell you why. 3 days ago I reported Spree Commerce critical JSONP+CSRF vulnerability on all API endpoints.Instagram API was vulnerable to CSRF.Disqus, Stripe and Shopify APIs were leaking private data via JSONP.All that happened because they were not using Hybrid API Authentication properly.. This post is a must read for every API developer. PUZZLE #2: REALLY CURIOUS XSS IN RAILS Puzzle #2: Really Curious XSS in Rails. I’ve seen this code quite a few times in app/views: $.get (location.pathname+'?something'). It reads current pathname and requests it with some parameters or loads some extra JSON data. Or adjusts search filters. Lots of use cases. 100% innocent code, isn’t it? USING OPEN-URI? CHECK YOUR CODE Using open-uri? Check your code - you're playing with fire! Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file.SAKURITY
CTO, Duo Security. We’ve been working closely with Sakurity to identify key weaknesses within our app. Sakurity is industry leader in identifying oauth weaknesses. They've helped us to identify and resolve potential security holes such as xss, account hijacking, and access token leaking. Sunil Sadasivan.SAKURITY
OAuth by Sakurity. OAuth by Sakurity is significantly more secure and simple authorization protocol than official one. It fixes huge security and usability gaps in design (read the section below how OAuth2 was vulnerable to every possible attack) and only takes 5 minutes to understand how it works.SAKURITY
We learn high-level details about your project and stack (programming languages, framework/CMS, OS) Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review etc. Meanwhile you can prepare and sign contract, NDA and other documents if you need them. We thorougly inspect your codebase for issues andTHE SAKURITY BLOG
Dec 10, 2016 • Egor Homakov ()Building Botnet on ServiceWorkers; Apr 16, 2016 • Egor Homakov ()PrepCAPTCHA, for bots and pentesters; Aug 13, 2015 • Egor Homakov ()Using Appcache and ServiceWorker for Evil BUILDING BOTNET ON SERVICEWORKERS Even that simple trick is overcomplicated - hunders of lines of code to get started, dependance on FCM etc. Put sw.js on the server, register a worker on the client side, wait for a Promise, then serviceWorkerRegistration.pushManager.getSubscription (), extract endpoint and registration_id, save those on the server. HACKING STARBUCKS FOR UNLIMITED COFFEE We do penetration testing, source code auditing and vulnerabilityassessments
HACKING PUSHER WITH SIMPLE CRYPTO VULNERABILITY Hacking Pusher with simple crypto vulnerability. Specially crafted “socket_id” parameter could get us a valid auth for any private Pusher channel of your application and even forge any requests to Pusher API on behalf of your application if it has authenticationendpoint
YOUR API AUTHENTICATION IS INSECURE, AND WE'LL TELL YOU WHY Your API Authentication is insecure, and we'll tell you why. 3 days ago I reported Spree Commerce critical JSONP+CSRF vulnerability on all API endpoints.Instagram API was vulnerable to CSRF.Disqus, Stripe and Shopify APIs were leaking private data via JSONP.All that happened because they were not using Hybrid API Authentication properly.. This post is a must read for every API developer. PUZZLE #2: REALLY CURIOUS XSS IN RAILS Puzzle #2: Really Curious XSS in Rails. I’ve seen this code quite a few times in app/views: $.get (location.pathname+'?something'). It reads current pathname and requests it with some parameters or loads some extra JSON data. Or adjusts search filters. Lots of use cases. 100% innocent code, isn’t it? USING OPEN-URI? CHECK YOUR CODE Using open-uri? Check your code - you're playing with fire! Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file.SAKURITY
We learn high-level details about your project and stack (programming languages, framework/CMS, OS) Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review etc. Meanwhile you can prepare and sign contract, NDA and other documents if you need them. We thorougly inspect your codebase for issues andSAKURITY
OAuth by Sakurity & Security Cheatsheet. Hacking Github with Webkit. Ruby regexp pitfalls. RJS is a vulnerability in multiple Rails apps. How I hacked Github again. Routing bug: "match" in rails. How we hacked Facebook with OAuth2 and Chrome bugs. Cookie "Bomb". Content Security Policy, for evil. HACKING A BITCOIN EXCHANGE First issue is Random.rand is based on PRNG (Mersenne Twister) which is easily predictable once you have enough subsequently generated numbers.. Second issue is rand(9) can only generate numbers from 0 to 8 so total number of combinations will be 9^6=531441 almost twice less than 1,000,000 and twice easier to bruteforce than App 2FA.. With tricks outlined above we can bypass PUZZLE #2: REALLY CURIOUS XSS IN RAILS Puzzle #2: Really Curious XSS in Rails. I’ve seen this code quite a few times in app/views: $.get (location.pathname+'?something'). It reads current pathname and requests it with some parameters or loads some extra JSON data. Or adjusts search filters. Lots of use cases. 100% innocent code, isn’t it? USING APPCACHE AND SERVICEWORKER FOR EVIL Using Appcache and ServiceWorker for Evil. You’re a bad guy and you just hacked a website. Normally you leak the database and leave. The owner fixes everything next HOW TO FIX AUTHENTICATION: EMAIL AS A PASSWORD MANAGER How to Fix Authentication: Email as a Password Manager. UPDATE: Email-only auth from 2012. Some great links on the same idea. It’s absolutely no news that passwords are broken because human beings physically cannot create and remember hundreds of unique passwords. USING OPEN-URI? CHECK YOUR CODE Using open-uri? Check your code - you're playing with fire! Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file. RECONNECT - CRITICAL BUG IN WEBSITES WITH FACEBOOK LOGIN RECONNECT - critical bug in websites with Facebook Login. 
RECONNECT is a ready to use tool to hijack accounts on websites with Facebook Login, for example Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and many others. Feel free to copy and modify its source code. Facebook refused to fix this issue one year ago, unfortunately it’s time to take it to the next level FORMAT INJECTION VULNERABILITY IN DUO SECURITY WEB SDK Format Injection Vulnerability in Duo Security Web SDK. Format Injection is not a new bug, but it was never described as a subclass of A1 Injection.You probably already hate me for giving it a name (at least I didn’t create a logo!) but calling it an “injection” istoo general.
PREPCAPTCHA, FOR BOTS AND PENTESTERS PrepCAPTCHA, for bots and pentesters. The iframe bug in No CAPTCHA was fixed long time ago, and now reCAPTCHA 2.0 is pretty secure and widespread. Bypassing it also got a lot harder, now it requires many solutions in a row, making bruteforce infeasible.SAKURITY
CTO, Duo Security. We’ve been working closely with Sakurity to identify key weaknesses within our app. Sakurity is industry leader in identifying oauth weaknesses. They've helped us to identify and resolve potential security holes such as xss, account hijacking, and access token leaking. Sunil Sadasivan.SAKURITY
We learn high-level details about your project and stack (programming languages, framework/CMS, OS) Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review etc. Meanwhile you can prepare and sign contract, NDA and other documents if you need them. We thorougly inspect your codebase for issues andSAKURITY
OAuth by Sakurity. OAuth by Sakurity is significantly more secure and simple authorization protocol than official one. It fixes huge security and usability gaps in design (read the section below how OAuth2 was vulnerable to every possible attack) and only takes 5 minutes to understand how it works.SAKURITY
OAuth by Sakurity & Security Cheatsheet. Hacking Github with Webkit. Ruby regexp pitfalls. RJS is a vulnerability in multiple Rails apps. How I hacked Github again. Routing bug: "match" in rails. How we hacked Facebook with OAuth2 and Chrome bugs. Cookie "Bomb". Content Security Policy, for evil.
THE SAKURITY BLOG
Dec 10, 2016 • Egor Homakov: Building Botnet on ServiceWorkers
Apr 16, 2016 • Egor Homakov: PrepCAPTCHA, for bots and pentesters
Aug 13, 2015 • Egor Homakov: Using Appcache and ServiceWorker for Evil
HACKING A BITCOIN EXCHANGE
The first issue is that Random.rand is based on a PRNG (Mersenne Twister), which is easily predictable once you have enough subsequently generated numbers. The second issue is that rand(9) can only generate numbers from 0 to 8, so the total number of combinations will be 9^6=531441, almost half of 1,000,000 and twice as easy to brute-force as App 2FA. With the tricks outlined above we can bypass
BUILDING BOTNET ON SERVICEWORKERS
Even that simple trick is overcomplicated: hundreds of lines of code to get started, dependence on FCM, etc. Put sw.js on the server, register a worker on the client side, wait for a Promise, then serviceWorkerRegistration.pushManager.getSubscription(), extract endpoint and registration_id, save those on the server.
YOUR API AUTHENTICATION IS INSECURE, AND WE'LL TELL YOU WHY
3 days ago I reported a critical JSONP+CSRF vulnerability in Spree Commerce on all API endpoints. Instagram API was vulnerable to CSRF. Disqus, Stripe and Shopify APIs were leaking private data via JSONP. All that happened because they were not using Hybrid API Authentication properly. This post is a must read for every API developer.
HACKING PUSHER WITH SIMPLE CRYPTO VULNERABILITY
A specially crafted “socket_id” parameter could get us a valid auth for any private Pusher channel of your application and even forge any requests to the Pusher API on behalf of your application if it has an authentication endpoint
HOW TO FIX AUTHENTICATION: EMAIL AS A PASSWORD MANAGER
UPDATE: Email-only auth from 2012. Some great links on the same idea. It’s absolutely no news that passwords are broken because human beings physically cannot create and remember hundreds of unique passwords.
We learn high-level details about your project and stack (programming languages, framework/CMS, OS). Then we figure out your goal and scope: compliance, quarterly audit, pre-launch pentest, design review, etc. Meanwhile you can prepare and sign a contract, NDA and other documents if you need them. We thoroughly inspect your codebase for issues and
WHY YOU DON'T NEED 2 FACTOR AUTHENTICATION
We do penetration testing, source code auditing and vulnerability assessments.
PUZZLE #2: REALLY CURIOUS XSS IN RAILS
I’ve seen this code quite a few times in app/views: $.get(location.pathname+'?something'). It reads the current pathname and requests it with some parameters, or loads some extra JSON data, or adjusts search filters. Lots of use cases. 100% innocent code, isn’t it?
HACKING STARBUCKS FOR UNLIMITED COFFEE
FORMAT INJECTION VULNERABILITY IN DUO SECURITY WEB SDK
Format Injection is not a new bug, but it was never described as a subclass of A1 Injection. You probably already hate me for giving it a name (at least I didn’t create a logo!) but calling it an “injection” is too general.
PROFILEJACKING
ProfileJacking - legal tricks to detect user profile. ProfileJacking is a simple technology based on Clickjacking, or, more accurately, on Likejacking. The only difference is that Likejacking’s goal is to increase the number of likes, while ProfileJacking’s purpose is to reveal the profile URLs of current visitors in order to send them personalized offers/messages.
RECONNECT - CRITICAL BUG IN WEBSITES WITH FACEBOOK LOGIN
RECONNECT is a ready-to-use tool to hijack accounts on websites with Facebook Login, for example Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and many others. Feel free to copy and modify its source code. Facebook refused to fix this issue one year ago; unfortunately, it’s time to take it to the next level
USING OPEN-URI? CHECK YOUR CODE
Using open-uri? Check your code - you're playing with fire! Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file.
SECURITY REPORT FOR PEATIO EXCHANGE
Pulling together a few vulnerabilities in Weibo and redirect_to(request.referer) in DocumentsController, we can make Peatio redirect the victim back to the malicious page and
PUBLIC REPORT FOR PEATIO
I was told that the previous post on hacking an exchange led to some negative feedback about Yunbi/Peatio. It indeed needs some clarification. First of all, no one was “hacked”, it was just an attack scenario.
At Mixpanel, we obsess about security and we found the Sakurity team phenomenal to work with for a contracted penetration test of Mixpanel. Sakurity identified holes that our previous security audit had missed and their turnaround time was great. We plan to continue to partner with Sakurity for the foreseeable future.
Joe Xavier
VP of Engineering, Mixpanel
As a payments company, security is core to everything Stripe does. I've worked with Sakurity both through their responsible disclosures as well as a contracted penetration test of Stripe. Sakurity has always been professional and responsible in their work, and Stripe today is more secure due to their efforts.
Greg Brockman
CTO, Stripe
We approached Sakurity to audit our existing platform, and perform ongoing reviews of upcoming products. Sakurity have a proven and well-regarded understanding of web application security, and were able to identify and help us fix several key vulnerabilities, making our platform significantly more secure.
Adrian Macneil
Director of Engineering, Coinbase
The Sakurity team was a pleasure to work with, both during the process of an issue they reported to us and for an assessment they performed on contract. Their efforts have helped us further harden the security of our two-factor authentication platform.
Jon Oberheide
CTO, Duo Security
We’ve been working closely with Sakurity to identify key weaknesses within our app. Sakurity is an industry leader in identifying OAuth weaknesses. They've helped us to identify and resolve potential security holes such as XSS, account hijacking, and access token leaking.
Sunil Sadasivan
CTO, Buffer
As a service that provides authentication, authorization and single sign-on infrastructure, security for Auth0 is a top priority. Sakurity has consistently demonstrated deep expertise in evaluating identity protocols, and security in general. The Sakurity team helped us with a full audit of our platform and we consider the company part of our extended team.
Matias Woloski
CTO, Auth0
TRUSTED BY
PRIORITIES
BILLING SECURITY
Payment Gateways and their providers, online banking and wallets, as well as critical APIs.
STARTUP SECURITY
Cutting-edge application stacks, such as Ruby on Rails, Node.js, Scala, etc.
AUTHENTICATION
Identity providers, OAuth/OpenID and Single sign-on security.
BITCOIN SECURITY
All things related to crypto-currencies. Hey, we accept Bitcoins too!
WE FIND BUGS OTHERS CAN'T.
Reach out to us if you want to see how our security audits can help your business, or if you have any questions.
Sakurity Ltd, a Hong Kong company established in 2012.