The Christmas holidays are coming and to those of you who feel like doing something adventurous: there is now a new way to visit the dark caverns of the internet. We created an exciting combination of two existing services that make this trip possible: A Postman collection of all the currently available Shodan API calls.…
Read More
A few months ago, a new vulnerability was found in jQuery, affecting all existing versions of jQuery. It was fixed only in the new version 3.4.0.The SNYK website has a lot of detailed information about this ‘Prototype Pollution’ vulnerability, so I won’t go into that here. For those interested, follow this link : https://snyk.io/vuln/SNYK-JS-JQUERY-174006 What…
Read More
It has been a while since tools like Qualys’ SSLLabs and testssl.sh are reporting on the usage of CAA records. So anyone caring about the quality and security of their SSL connection will probably have noticed its existence by now. But what is it for and how do you configure it? In short: using a…
Read More
At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we’d like to discuss in this post for future reference and to better…
Read More
Last weekend, almost exactly between April Fools’ Day and Halloween, Google played a prank and scared us! If you have used Gmail on different devices, you probably know the kind of message you get when you log in from a different device. Additionally, you might be presented with a security question if Google doesn’t trust…
Read More
Phishing campaigns are lucrative and probably will continue to be so for a while longer: they are cheap to launch and it only takes a few recipients that click on your malicious link to be successful. But awareness about the dangers of clicking on links is slowly rising. So if you’re a bad guy, how…
Read More
Shodan Postman Collection
The Christmas holidays are coming and to those of you who feel like doing something adventurous: there is now a new way to visit the dark caverns of the internet. We created an exciting combination of two existing services that make this trip possible: A Postman collection of all the currently available Shodan API calls….
Mitigating CVE-2019-11358 in old versions of jQuery
A few months ago, a new vulnerability was found in jQuery, affecting all existing versions of jQuery. It was fixed only in the new version 3.4.0.The SNYK website has a lot of detailed information about this ‘Prototype Pollution’ vulnerability, so I won’t go into that here. For those interested, follow this link : https://snyk.io/vuln/SNYK-JS-JQUERY-174006 What…
Implementing a CAA Record
It has been a while since tools like Qualys’ SSLLabs and testssl.sh are reporting on the usage of CAA records. So anyone caring about the quality and security of their SSL connection will probably have noticed its existence by now. But what is it for and how do you configure it? In short: using a…
Two Factor Authentication Cross Site Request Forgery (CSRF) vulnerability (CVE-2018-20231)
At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we’d like to discuss in this post for future reference and to better…
We prevented a sign-in attempt
Last weekend, almost exactly between April Fools’ Day and Halloween, Google played a prank and scared us! If you have used Gmail on different devices, you probably know the kind of message you get when you log in from a different device. Additionally, you might be presented with a security question if Google doesn’t trust…
Don’t trust Google Links
Phishing campaigns are lucrative and probably will continue to be so for a while longer: they are cheap to launch and it only takes a few recipients that click on your malicious link to be successful. But awareness about the dangers of clicking on links is slowly rising. So if you’re a bad guy, how…
Privacy Notice
Privacy Notice v.01
This privacy notice applies to PrivacyWise. It explains how we use any personal data we collect about you when you use this website.
What data do we collect about you?
Your email address is collected when you voluntarily send us an email.
Logs are automatically generated each time you access our website with for example your browser or mobile application. These server logs may include information such as your web request, IP address and browser type.
How will we use this data about you?
Your email address: we will use it only to give answer to your request. The server logs: are only being used for debugging purposes in case of problems on the blog. We do not link this automatically-generated data to other personally identifiable information like your email address.
We do not share any information with third parties.
Where do we store your data?
Our servers are located in The Netherlands.
How long do we store your data?
Not longer than necessary for the purpose of the processing.
What rights do you have?
You have the right to rectify and delete the data you have provided to us. You can also object to the processing or its temporal restriction.
You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (AP).
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
We only use Google Analytics cookies. These are third party cookies that are used to collect information about how visitors use our site. We use the information to help us improve the site. We have an agreement with Google which states that information is collected in an anonymous way, the last octet from the IP addresses is masked and data is not shared. We do not use any other services from Google. You can opt out from Google Analytics cookies installing the Google Analytics Opt-out Browser Add-on from this link .
Read more in Google's overview of privacy and safeguarding data
Links to other websites
We are not responsible for the practices employed by websites or services linked from our site, including the information or content contained therein. Please remember that our Privacy Notice does not apply to third-party websites or services. In our site you can find links to Twitter and LinkedIn.
Changes to our privacy notice
We keep our privacy notice under regular review and we will place any updates on this website. This privacy notice was last updated on 8 August 2018.
How to contact us
Please contact us if you have any questions about our privacy notice or data we hold about you at 
.