Why I Helped Draft State-Level Vulnerability Disclosure Legislation (Delaware SB 283)

The adoption of bug bounty programs, or vulnerability disclosure programs, has increased rapidly over the past few years, even extending to industries outside of the technology sector — United Airlines, GM, and the Pentagon are great examples. From enormous organizations like Google and Facebook, to small startups with a handful of employees, companies of all sizes seem to be …

Critical Vulnerability Compromising Verizon Email Accounts (Again)

I have worked with Verizon numerous times in the past while reporting serious security vulnerabilities, including a critical vulnerability in their MyFiOS app’s API that exposed the email accounts of all users. While I was recently researching the Verizon webmail portal, I discovered multiple vulnerabilities of varying severities — some of which I will likely write about in the …

Widespread Vulnerable Ads Part Two: Flash Edition (Facebook’s LiveRail, Akamai, Adobe products affected)

Shortly after my recent blog post concerning widespread XSS in ad network code, I discovered similar vulnerabilities in Flash video ads (and other Flash products/components), resulting in a substantial industry-wide mitigation of XSS in Flash-to-JavaScript communication. Perhaps most interestingly, these vulnerabilities presented risks similar to my previous findings except that, in most cases, Ad-Block solutions employed by the …

Compliance Strikes Again: Multiple Vulnerabilities in Worldpay’s Merchant Portal

I had almost forgotten about my experience with Worldpay’s Merchant Portal from just over a year ago, but my recent post regarding another payment processor helped to refresh my memory. I occasionally help one of my family members’ small business with almost anything technology-related, including their e-commerce solution. In this case, I was helping them switch their payment gateway …

Vulnerabilities in a Third-Party Healthcare Payment Processor

Following a visit to our area hospital, my wife received an email notifying her of an account that was setup on her behalf to facilitate payments online, presumably because she had elected to receive bills electronically when initially filling out her paperwork. It sounded a lot like a phishing email at first, so I started to look into it further. …

Widespread XSS Vulnerabilities in Ad Network Code Affecting Top Tier Publishers, Retailers

For most of us, the title of this post may not be very surprising. Any time we allow 3rd party scripts to run on our sites, we effectively relinquish control of the code that executes on the client. This is particularly important when integrating ad network scripts since they are inherently more dynamic than most other types of integrations, the cause of which is the …

Hijacking Verizon FiOS Accounts

I have written about some of my research into the Verizon My FiOS app in the past, including a vulnerability that compromised the email accounts of all users. I recently revisited this app after considering another possible attack vector against the My FiOS APIs. As a result, I identified a vulnerability that would have allowed an attacker to completely steal another …

Running a Hidden Tor Service with Docker Compose

The Docker craze is in full force and shows no signs of slowing down. Software containers seem to be one of the most significant game changers for DevOps since virtual machines. Docker’s development is active and its supporting projects (Compose, Machine, Swarm) are maturing quickly. Though the complete Docker ecosystem is interesting enough, Docker Compose has caught …

Reverse Engineering the Yik Yak Android App

Every once in awhile, I’ll  come across an app that implements some hardening techniques that make reversing a little more interesting. This was the case when I recently tried proxying the API requests for Yik Yak, a popular social media application exclusively available for mobile platforms that allows semi-anonymous user communication across a 5-mile radius (typically …

Cutting the Lights: Vulnerabilities in a Billboard Lighting System

On my way home one night, I noticed a highway billboard sign whose lights had switched on as I drove past. It caught my attention and I wondered how those lighting systems were controlled (I mostly assumed either timers or daylight sensors). I researched it a bit and wasn’t surprised to find SmartLink which, as their website says, is …