[IRCCloud] History and Another XSS Bug Bounty

Personally, I have been a user of IRC since 2004 on some private networks and some other well-known ones such as Freenode. However, it was always inconvenient to have to set up an IRC Bouncer, so when IRCCloud came around, I was excited to try it and see if it provided me with a method of staying connected to all the required networks without having to download a new client…

[IRCCloud] Inadequate input validation on API endpoint leading to self denial of service and increased system load

So as you do, I was just looking around, manually fuzzing some Web Sockets requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly – ended up that I didn’t find much there that worse worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to: {“_reqid”:1234, “cid”:5678, “to”: “#treehouse”, “msg”:”test”, “method”:”say”} I thought,…

Rise of the Machines: Arduino Bots

Robotics Week Its robotics week (April 5th – 13th) 2014 (http://www.nationalroboticsweek.org), on Arduino Day (29th March 2014) I posed the question “What will you Build?”.  Well here in the Pentura office, we went out and bought some Zumo Shields from Pololu.  The shields are also available from our favourite electronics provider Adafruit.  The shield is a quick an easy insertable arduino shield that slides perfectly into place on an Arduino Uno R3…

Ubertooth – Bluetooth Sniffing Updated for 2014!

Earlier I noticed this tweet on my twitter feed: Ubertooth release: https://t.co/cCYHNf34Yc I know it’s been a long time coming, I promise not to leave it so long next time. — Dominic Spill (@dominicgs) February 20, 2014 So I thought I would walk you through the update, which has improved Operating System support, improved Bluetooth Low Energy (BTLE) support, and GitHub integration to make community development easier….

Whitehatsec’s Aviator

A new web browser is brought to us from Whitehatsec called Aviator, built for speed, security and privacy.  Its based on the Open-Source Chromium browser and can utilise many of Chrome’s browser plugins. The browser boasts that with every website you visit, you are potentially vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info, and more. That the “big browsers” don’t do enough…