2014 was another very awesome year. We’ll write about some of the highlights in this article and tell you about why 2014 was important for us and our project @internetwache. Last but not least, we’ll give a sneak preview of our plans for 2015.
First of all: We wish all our readers a happy new year! A special writeup about Internetwache in 2014 and other projects will be published in about a week.
To be honest, we planned to publish an article every day of the #31c3, but as you might have read in the other posts: We were very busy meeting cool people, hearing awesome talks and finally being tired as hell :) So we decided to postpone the blogposts until after the #31c3. Finally we got some time after New Year’s Eve (without internet) to write down the experiences of the last two days.
Our second day at the #31c3 was also very nice - we want to summarize our impressions of the second day in this blogpost. But before we start we will let you know how we finished the first day.
The winter is the time for us members of @internetwache to meet in one place and there’s no better place to meet than the 31st Chaos Communication Congress in Hamburg. So we did it :) This is a blogpost about our experience of the first day and the interesting talks we listened to.
More than a year ago, we discovered a small XSS in Skype’s videomail API which landed us a warm place in Microsoft’s HoF.
During a bug bounty hunt Sebastian discovered a script-context XSS with the injection point being a string. As you know, all modern browsers like Firefox, Chromium, IE automatically encode the apostrophe. However, this issue still remains exploitable.
More than a year ago, we reported a remote code execution bug to our fellow security researcher and trainer Mohamed Ramadan over at attack-secure.com.
Last year (around the 20th of October), Sebastian was working on a project in Ruby on Rails. While writing some really dirty code, he noticed that it’s possible to run into XSS issues by nesting Rails’ form helpers.
It has been a long time since we posted a security article. So here we go with two little SQL Injection vulnerabilities that we discovered in an AVIRA product roughly a year ago.
A lot of time has passed since we published the last blog post. We want to give a brief status update and an overview of the events of the recent months.