Clik here to view.
LinkedIn reassures users that their information is secure
Professional social networking site LinkedIn has moved to assure users that their information is secure, following a highly-publicised security breach earlier this month. “By now, many of you have read...
View ArticleClik here to view.
Security audit for commercial sites
An interesting note found in a recent online security report has stated that malicious programmers have begun to target specific social websites for drive-by infections. While in the past scammers...
View ArticleClik here to view.
Lawsuit argues LinkedIn failed to meet vulnerability management obligations
Security breaches like the one that affected professional social networking site LinkedIn on June 6 can be costly, both financially and in terms of lost consumer confidence. Penetration testing can...
View ArticleClik here to view.
Google data shows value of penetration testing and regular security audits
Alongside penetration testing and regular security audits, ensuring safe online browsing practices can be one of the best ways to ensure your business remains protected from external threats. A new...
View ArticleDumping Windows Credentials
By Sebastien Macke, @lanjelot Introduction During penetration testing engagements, we often find ourselves on Windows systems, looking for account credentials. The purpose of this post is to walk...
View ArticleThe Anatomy of a Security Breach.
Securus Global’s approach to minimising your risks… By now, you have probably read about the Target security breach: (Nothing new… this happens all the time)....
View ArticleHow I got root with Sudo
By Sebastien Macke, @lanjelot Introduction During security engagements, we regularly come across servers configured with the privilege management software Sudo. As with any software, the principle of...
View ArticleSolutions to the Sudo Challenge!
By Sebastien Macke, @lanjelot A few weeks ago, we posted a security challenge in our “How I got root with Sudo” article on how to escalate privileges on real world examples of insecure Sudo...
View ArticleCVE-2014-6271 (“Shellshock”) and exploit PoC
By Andy Yang (A little bit of background on this post – one of my colleagues, Norman Yue, posted something about the Internet being on fire to LinkedIn yesterday, regarding the bash bug. This blog post...
View ArticleSSLv3 and POODLE
By Norman Yue (LinkedIn) For those of you paying attention to mailing lists early last night, you may have noticed a curious email come through, regarding a “Truly scary” SSL3.0 vulnerability about to...
View Article
