New AWS region: eu-west-2

Two years ago I leaked the eu-central-1 region in Frankfurt. Today I found the first hints of a new region called eu-west-2. There are already API endpoints reachable with a valid DNS record and a correct TLS subject in the certificate: $ timeout 1 openssl s_client -connect

$2.674 from Google for a solar plant in Tanzania

In January 2015, Google launched an experimental program called Vulnerability Research Grants to complement the long-running Vulnerability Reward Program, with the goal of rewarding security researchers who verify the security of Google products and services, even in the case when no vulnerabilities are found. As a regular reporter to the

Rubjerg Knude Lighthouse

In 1994 I visited Rubjerg Knude for the first time. This lighthouse is located on the coast of the North Sea in Rubjerg, in the Jutland municipality of Hjørring. At that time I bought my first camera, a small analog APS camera. Unfortunately I can't remember the brand.

How secure is Apple?

Since 2005 Apple has been listing all responsibly disclosed vulnerabilities (web application security) on a dedicated page. There are in total 435 bugs listed, reported by hundreds of individuals. In 2011 I already made a posting about vulnerabilities I found in Apple's sites. This posting was called Apple XSS Gallery

New AWS region: eu-central-1

In March, Andy Jassy, senior vice president of the Amazon Web Services unit, said to the Wall Street Journal that Germany is "one of the few countries" where customers are asking for a data center "on their own soil". This news is now 4 months old and it looks like that a

SonarQube/Sonar SQL Injection

Last year I found an exploitable boolean-based / AND/OR time-based blind SQL injection vulnerability in Sonatype SonarQube >=3.4 and <3.6.1. CVSS v2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:C) Overall Score: 9. SonarQube (formerly Sonar) is an open source platform for Continuous Inspection of code quality. This is the first public advisory of the issue. This advisory additionally includes a list of fixed and undisclosed XSS bugs in Sonar >=3.5.1. Timeline * 2013-04-31 Filed a bug in Sonar Ji