A lot of time has passed since we published the last blog post. We want to give a brief status update and an overview of the events of the recent months.
Internetwache is now over 2 years old. We have over 600 followers on Twitter @internetwache and we have about 2000 tweets. We would like to thank all the readers and supporters and look forward to further awesome whitehacking-years.
Other notable events:
Participation in the Lanaru.com project
In mid-April we were asked by the Lanaru team to participate in their project. This project is similar to Bugcrowd or Crowdcurity has the goal to become a crowdsourced security platform for the region NL, BE, GER and it consumed most of our spare time during the last 6 month. The other team members are all awesome people and we really had a lot of fun learning new things there. Unfortunately, repeated delays and team-internal disagreements had led us to the decision quit the project. Nevertheless, we wish them all the best and we’re looking forward to be testers on their platform.
Currently, Tim is working on a new security project. However, at this time there is no clear concept, but we will inform you once there are any news.
Expiration of our wildcard SSL certificate and switchover to a self-signed one.
In early August, our wildcard SSL certificate expired after one year. We had obtained the SSL-certificate for $ 10 during a campaign. Unfortunately, these certificate are not that cheap (~ 100 + € / year). Arguing that we mainly only offer static HTML files and without a lot of personal data except accessed URLs/cookies, we decided to go with a self-signed certificate.
You might experience a SSL warning when accessing the HTTPS version.
1 2 3 4 5 6 7
Release of an encoding tool on GitHub
We’d be happy if you push back any code changes (e.g. implementing more algorithms) to our repo (Pull requests are awesome!).
Hacking at Bugcrowd to stay in the Top10
The competitiors never sleep - unlike us - ;). In order to keep us in Bugcrowds Top10, we submitted a load of vulnerabilities. So far, the validation resulted in a bunch of duplicates, but we came across some (interesting) valid vulnerabilities, too. We hope to keep our place in the top 10 in 2014!
Publication of a Lin klist
During a trip through Poland, Sebastian had another indea: A public link list containing links to some resources about hacking. Often you stumble upon some interesting links on Twitter or somewhere else (e.g. new tools/exploits/papers…). In order to put all the bookmarks in one place and share them you (sharing is sexy! ;) ), we feature a Link List now. Additions to the list are very welcome, just send us a tweet or an email if you find a nice website/tool/exploit/something else.
Hacking other bug bounties
Even though we’ve been quite silent lately, we were of course surfing the internet. We have attended some bounties and have even received rewards. We have been particularly active on HackerOne. Since HackerOne reports are publicly available, we do not write about them anymore. If you are intrested in some of our bugs just take a look at our HackerOne Account or search for “Internetwaceh” on the unofficial H1 disclosure timeline. Unfortunately, all the “interesting” reports are still on hold for public disclosure.
Sebastian faces his 5th semester of computer science degree and hacks here and there ;) He has been busy with his studies and therefore has not been so active in whitehacking. Addtionally, I’m working on some non-security projects. My Twitter
In the meantime Tim gained his A-levels and started a degree in business IT. After graduation, I traveled to Malaysia and Cambodia and visited @Yappare , a top-hunter from Bugcrowd. It was really nice to talk to him and I wish him all the best! I also got many cultural impressions and experiences. In addition to that, I got some new power and ideas for hopefully nice projects in the future. Latest projects can always be found on my website or on my Twitter @TimPhSchaefers.
Stay tuned, the team of Internetwache.org