Last week, researcher Tavis Ormandy from Google Project Zero found and published a vulnerability in The LastPass browser extension. The vulnerability affects the Chrome and Opera extensions and could allow a malicious server to capture LastPass credentials. Neither LastPass nor Project Zero released details on how this exploit works but by reviewing the notes from Project Zero … [Read more...]

In an area of law that worries many white hat hackers, the Computer Fraud and Abuse Act (CFAA) makes testing websites and vulnerabilities somewhat risky. In 1986 the CFAA amended the Comprehensive Crime Control Act of 1984, to cover unauthorized access to a computer. Now , it seems that anyone can scrape public data from a website without violating the CFAA. Previously, … [Read more...]

If you use the password CorrectHorseBatteryStaple you may want to change it. This week, security researcher Troy Hunt revealed that someone recently breached the XKCD forums database. The attacker made this database public and released usernames, email addresses, and hashed passwords. Somewhat ironically XKCD, created by Randall Munroe, focuses on technical and IT humor. One … [Read more...]

Apple has been taking steps as of late to help catch vulnerabilities before they reach the hands of bad actors. For example, they recently began providing security researchers iPhones to make it easier for them to find vulnerabilities. At around the same time Apple also increased their bug bounty program to $1 million for the top prize of getting full control of a phone without … [Read more...]