It has become tradition to write a short review of the last year and the plans for the next one.
The year 2015
In 2015 we did not spend much time on the project internetwache.org compared to the years before. The low count of published articles (9 blogposts) and also the drop in positions on platforms like Bugcrowd or HackerOne testify to this. Apparently there are not only competitors who never sleep, but we have also been busy with our jobs, university or other projects.
But once we published an article on Internetwache.org, it was often thought-out and well-structured research, which was discussed by a large audience or at least our Twitter followers.
It is an honour that our research on the AXFR-Transfer of the Alexa Top 1M led to one of twelve alerts of the US-CERT in 2015 and was also covered in a lot of press articles.
Similar research, which focused on non-protected Git-Repositories, didn’t get a lot of attention from the security community, because other researchers published similar results a couple of days earlier - but we are quite happy with our results and the new knowledge.
There were a few other research ideas, but until now we did not find any time for a concrete plan to work on them. We hope that we’ll find the time in 2016 and succeed in presenting nice results on our blog.
Sebastian launched some other projects. For example, a security blog for personal stuff and research that doesn’t fit Internetwache.org: 0day.work. At the beginning of 2015 he also released the Bugbounty Portal, which hasn’t had a lot of activity so far.
Tim achieved a long-pursued goal and finished his first book “Hacking im Web”. It also features some blogposts from internetwache.org and will be available in German only. The book consists of nearly 500 pages and will be published by the “Franzis Verlag” during the first quarter of 2016.
To finish off 2015 with a bang, Sebastian and Tim met at the 32nd Chaos Communication Congress (32C3) in Hamburg. As always, it was fun and we learnt a lot of new stuff. Sebastian even met a Cloudflare security engineer by just wearing the Cloudflare-bugbounty-T-shirt.
Outlook for 2016
We’re planning to do more ‘generic’ research as shown above and to try to warn about global problems. We think that this helps to get an overview of the current state of web security and that it will help more administrators than, for example, checking only some specific web applications. Nevertheless, we’re still going to participate in bugbounty programs and stick to the general idea of internetwache.org.
The follower count of our @internetwache account is slowly approaching the magic number of “1000” - that’s why we will be doing a community event, but we do not want to spoil too much now. Stay tuned!
Since the beginning of internetwache (in 2012) our main focus has been web-application security, but we’re always looking at other things, too. Sebastian is going to dive into mobile application security soon and Tim wants to explore the security of SCADA and ICS and find out about information ethics.
Good luck for 2016!
The team of internetwache.org