Application Security Weekly for May 6

Good intro to fingerprinting web servers.  This has been codified in the past, but the tools are all old.  Need to resurrect an open-source project.


I mentioned CVE-2018-2628 and my Nikto test for it in an earlier newsletter.  Well, apparently the patch doesn't work.


Nice video of finding and exploiting another hole in the PDF format.  Apparently they are so common now we just livestream them.


I am fond of saying that the government can outlaw as much encryption as they want; if the bad guys have two coins and a pencil, they can make as much unbreakable encryption as they want with a one-time pad.  (Not my line, and I don't remember the source, sorry.)  Here is another nice new pencil-and-paper cipher.


Finally.  PHP has a security flaw.  WHAT YEAR IS IT??


And that's the news.

