Apple Explains Mysterious iPhone 11 Location Requests
KrebsOnSecurity ran a story this week that puzzled over Apple‘s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data.…
BlackDirect: a vulnerability in Microsoft OAuth 2.0 may allows attackers to takeover Microsoft and Azure Accounts
Security researcher Omer Tsarfati from CyberArk has discovered [1] a vulnerability in Microsoft’s OAuth implementation that may allows attacker to create authentication tokens with the victim’s permissions. This could let a malicious attacker access and …
Thinking about color
Color is my day-long obsession, joy and torment - Claude MonetOver the last two years we’ve tried to improve our usage of color at Cloudflare. There were a number of forcing functions that made this work a priority. As a small team of designers and engineers we had inherited a…
Netsons.com security breach: some customers’ data may have been leaked
Recently, the italian hosting provider Netsons [1] discovered some unauthorized access on its Management System, occurred on March 2019. According with GDPR article 34 [2], Netsons had to inform its custover about the databreach. Here …
How to Hack UnrealIRCd Using Python Socket Programming
UnrealIRCd is an open-source IRC server that has been around since 1999 and is perhaps the most widely used one today. Version 3.2.8.1 was vulnerable to remote code execution due to a backdoor in the software. Today, we will be exploiting the vulnerability with Metasploit, examining the underlying code to…
RIPlace: a new evasion technique that allows ransomware to bypass most antivirus
Researchers by cybersecurity firm Nyotron has discovered a new way that lets windows malware to modify files in a unique style that current anti-ransomware solutions are unable to identify. The technique [1] exploits documented Windows …
The iPhone 11 Pro’s Location Data Puzzler
One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at…
An Update on Android TLS Adoption
Posted by Bram Bonné, Senior Software Engineer, Android Platform Security & Chad Brubaker, Staff Software Engineer, Android Platform Security Android is committed to keeping users, their devices, and their data safe. One of the ways that we keep data safe is by protecting network traffic that enters or leaves an…
How to Securely Sniff Wi-Fi Packets with Sniffglue
Sniffing packets over a network is an easy way for hackers to gather information on a target without needing to do much work. But doing so can be risky if sniffing packets on an untrusted network because a payload within the packets being captured could be executed on your system.…
The Serverlist: Full Stack Serverless, Serverless Architecture Reference Guides, and more
Check out our tenth edition of The Serverlist below. Get the latest scoop on the serverless space, get your hands dirty with new developer tutorials, engage in conversations with other serverless developers, and find upcoming meetups and conferences to attend.Sign up below to have The Serverlist sent directly to your…
How to Hack MacOS with Digispark Ducky Script Payloads
The USB Rubber Ducky and the Digispark board both suffer from the same issue when attacking macOS computers: a keyboard profiler pop-up which tries to identify any non-Apple USB keyboards. While it's an annoying setback, the solution is a simple modification that allows Mac computers to be targeted, which affects…
Michael Gillespie, the Ransomware Superhero
Despite in the last months the infection number is decreasing (source), finding yourself with personal or corporate files blocked by a ransomware attack is a widespread drama. But luckily there are little-known people who work …
A History of HTML Parsing at Cloudflare: Part 2
The second blog post in the series on HTML rewriters picks up the story in 2017 after the launch of the Cloudflare edge compute platform Cloudflare Workers. It became clear that the developers using workers wanted the same HTML rewriting capabilities that we used internally, but accessible via a JavaScript…
A History of HTML Parsing at Cloudflare: Part 1
To coincide with the launch of streaming HTML rewriting functionality for Cloudflare Workers we are open sourcing the Rust HTML rewriter (LOL HTML) used to back the Workers HTMLRewriter API. We also thought it was about time to review the history of HTML rewriting at Cloudflare.The first blog post will…
Introducing the HTMLRewriter API to Cloudflare Workers
We are excited to announce that the HTMLRewriter API for Cloudflare Workers is now GA! You can get started today by checking out our documentation, or trying out our tutorial for localizing your site with the HTMLRewriter. Want to know how it works under the hood? We are excited to…