The Equifax Data Breach and the Apache Struts Vulnerability

Last week (9/7/2017), Equifax announced that on July 29 they discovered that an exploited web application vulnerability was being used to access a trove of consumer information for the previous 2 ½ months, until discovery. Various news outlets, such as the New York Post, are starting to report that the …

ZeroBin XSS Vulnerability Patched in 0.19

Sébastien Sauvage has just informed me that he has released Version 0.19 to address the Cross-Site Scripting vulnerability that I wrote about in my previous blog post. You can find it at https://github.com/sebsauvage/ZeroBin/releases/0.19. Websites that host the ZeroBin software should update to this latest version. Although the more modern browsers may mitigate …

ZeroBin as a XSS Attack Platform

What if you could have hundreds of websites from which to launch an encrypted cross-site-scripting attack? What if the webservers could store the XSS attack code for you but could not decrypt it? What if the encrypted code could be set to expire after a set time or immediately after …

Goodbye Oz Data Centa

All good things must come to an end. The Oz Data Centa (ozdc.net) was a very useful tool for monitoring PasteBin and I, for one, will miss it. The site was run by Lee Johnstone and had an innovative method of cataloging data breaches that were dumped to PasteBin. Read the …

Looking in Pastebin at the Hacktivism Carnage

The Web and Twitter are full of news about all of the Israeli websites that have been breached or defaced by internet hackers. Occasionally these articles will include a hyperlink to Pastebin.com, such as the “Anonymous declares ‘cyberwar’ on Israel” story on CNN.com that references a pastebin.com link with more …

  • The postings and views on this site are my own and do not necessarily reflect the positions, strategies, or opinions of any current or previous employer.