Categories
Security & Compliance

WhatsApp put an emoji in their URL

Emoji characters already appeared in DNS, but now also in a URL. And Google shows them perfectly, which makes me wonder whether all parts of their codebase are ready to handle this correctly or whether it is an incident. So the big question is when marketers and/or criminals will start to use this to trick people […]

Categories
Security & Compliance

Emoji in URLs are probably a bad idea…

On the dns-operations mailing list, there were already discussions about parties who bought domains like ?.com (xn--e5h.com), but the following is also an interesting development. When will we find pages with “special” Web Open Fonts that become active when you press Ctrl-Shift?

Categories
Security & Compliance

Is CWE-525 still relevant?

During a code upgrade for a web application from Symfony 2.8 to 3.3, it was also time to do some basic tests with Zed Attack Proxy. Most findings were logical and easy to fix, but one was different, and it started with the finding below. Description: The AUTOCOMPLETE attribute is not disabled on an […]

Categories
Security & Compliance System Administration

Kali Linux 2016.2

Last week Kali Linux 2016.2 was released, so it was time to make a new VirtualBox instance for it to see the difference from the release in January. But let’s automate a little bit to quickly rebuild virtual machines for Kali Linux.

$ cd ~/Downloads
$ wget http://cdimage.kali.org/kali-2016.2/kali-linux-2016.2-amd64.iso

Let’s create the virtual machine and boot […]

Categories
Security & Compliance

How not to do key management

Clearly, the motel management forgot to configure all the locks and keys as they are still in their default state. It makes you wonder about other places with similar setups.