Recent security breaches
Reading Time: 6 minutes Explore the key elements of this Cross-Site Scripting vulnerability in the Google search engine.
Reading Time: 3 minutes The US Postal Service launched its Informed Visibility program last year to provide better insight into its mailstream service. For example, one can obtain near real-time notifications about delivery dates and identify trends. However, it made much more data available than intended: the records of at least 60 million customers were exposed to anyone registered on http://www.usps.com.
Reading Time: 8 minutes IT security is a really huge topic, and until you find your first bug you can’t be sure that you have the required amount of knowledge, luck, and patience. Joining the club of bug bounty hunters as a newbie is hard, so let me share my story with you.
Reading Time: 5 minutes The Facebook breach was discovered after the social media company saw an unusual spike of user activity that began on September 14, 2018. A few days later, on Tuesday, September 25, Facebook’s engineering team discovered an unprecedented security issue that affected about 30 million users. The social media giant says the flaw has been patched, but the people behind this attack are still unknown.
Reading Time: 5 minutes If you have found a vulnerability and you want to act responsibly, discretion is most important. Always remember that you hold information that black-hats could exploit, putting not only the enterprise and its reputation but also its users at risk.
Reading Time: 7 minutes Access control, or authorization, is how a web application grants some users, and not others, access to resources. These resources mostly fall into two categories: sensitive data, which should only be accessed by certain entities, and functions that can modify data on the web server, or even modify the server’s functionality. Authorization checks are performed after authentication: when a user visits a web page, they first have to authenticate themselves, i.e. log in; then, if they try to access a resource, the server checks whether they are authorized to do so.
Reading Time: 6 minutes You’ve probably read about the Equifax breach and the Apache Struts vulnerability in the NY Times, in Bloomberg, or somewhere else. The breach resulted in the leakage of 143 million user profiles, including Social Security numbers, birthdates, and addresses.