Favstar gets even better if you sign in.
Just notified the 5th financial company of a zero-day in their Android app. They couldn't care less. Defcon will change that.
To teach security via gamification, we should create a worldwide network of vulnerable servers containing valuable data to steal!
I just found a Top 100 app that sends passwords over HTTP obfuscated with a Caesar cipher. Really.
I recommend asking interviewees for their passwords. If they comply, don't hire them.
I sent vuln reports using online forms to financial companies yesterday. They ignored the report, but now my phone gets spam calls.
Transfer File Over DNS in Windows (with 13 lines of PowerShell) http://breenmachine.blogspot.ca/2014/09/transfer-file-over-dns-in-windows-with.html … #PacITPros
I notified 22 top financial companies of Android app vulns; 1 is patching the app in May; the others don't care. Defcon may change that.
If you want a fast way to really stand out in infosec, try being polite and helpful to people who seem stupid to you.
eBay used PBKDF2 with 12,000 rounds of SHA-256, apparently. I appreciate criminals revealing the info, since eBay won't tell us.
There's serious hypocrisy in Linux developers protesting torture. Just saying.
How Gmail blocks spam, in very interesting detail https://moderncrypto.org/mail-archive/messaging/2014/000780.html?hn …
Don't use Amazon on open Wi-Fi networks https://samsclass.info/lulz/amazon-plaintext.png …
If I were Sony, I'd have doubled ticket prices for "The Interview" and sold T-Shirts saying "I Survived The Interview".
I teach Ethical Hacking at City College San Francisco. My statements are my own, not official positions of CCSF.
Like @sambowne’s tweets? Send them a Favstar Pro Membership to show you care.Gift them Pro!
Stats can't be shown as @sambowne hasn't signed in to Favstar recently.