We talk to you about

Data Privacy & Security

We talk to you about

Data Privacy & Security

Our last posts

Our last posts

Two Factor Authentication Cross Site Request Forgery (CSRF) vulnerability (CVE-2018-20231)

At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we'd like to discuss in this post for future reference and to better understand the issue. Many people think the security of WordPress is bad to begin with and they might also think ...

We prevented a sign-in attempt

Last weekend, almost exactly between April Fools' Day and Halloween, Google played a prank and scared us! If you have used Gmail on different devices, you probably know the kind of message you get when you log in from a different device. Additionally, you might be presented with a security question if Google doesn't trust it. This is actually a really cool feature because it 'sort of' acts like 2FA¹: if you log in with ...

Don’t trust Google Links

Phishing campaigns are lucrative and probably will continue to be so for a while longer: they are cheap to launch and it only takes a few recipients that click on your malicious link to be successful. But awareness about the dangers of clicking on links is slowly rising. So if you’re a bad guy, how would you keep convincing people to click on the link to your malicious website once pretty much everyone has learned ...

Data Privacy

Security