Application Security Weekly for May 6

by Bill Sempf 6. May 2018 16:44

Good intro to fingerprinting web servers.  This has been codified in the past but the tools are all old.  Need to resurrect an open source project.


I mentioned CVE-2018-2628 and my Nikto test for it in an earlier newsletter.  Well, apparently the patch doesn't work.


Nice video of finding and exploiting another hole in the PDF format.  Apparently they are so common now we just livestream them.


I am fond of saying that the government can outlaw as much encryption as they want, if the bad guys have two coins and a pencil, they can make as much unbreakable encryption as they want with a one-time pad. (Not my line and I don't remember the source sorry)  Here is another nice new pencil and paper cipher.


Finally.  PHP has a security flaw.  WHAT YEAR IS IT??


And that's the news.


Comments are closed

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

Find me on Mastodon

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites