Website Evidence Collector

By Isabel Barbera & Martijn Korse / 14th March 2020

The European Data Protection Supervisor (EDPS) has published a tool that can be used to inspect a website and report which cookies and related technologies are being used. It’s called the Website Evidence Collector, it’s open source and published under the European Union Public License. If you own / maintain a website, it can be…

Shodan Postman Collection

By Martijn Korse / 18th December 2019

The Christmas holidays are coming and to those of you who feel like doing something adventurous: there is now a new way to visit the dark caverns of the internet. We created an exciting combination of two existing services that make this trip possible: A Postman collection of all the currently available Shodan API calls.…

Mitigating CVE-2019-11358 in old versions of jQuery

By Martijn Korse / 2nd August 2019

A few months ago, a new vulnerability was found in jQuery, affecting all existing versions of jQuery. It was fixed only in the new version 3.4.0. The Snyk website has a lot of detailed information about this ‘Prototype Pollution’ vulnerability, so I won’t go into that here. For those interested, follow this link: https://snyk.io/vuln/SNYK-JS-JQUERY-174006 What…

Don’t trust Google Links

By Martijn Korse / 17th December 2017

Phishing campaigns are lucrative and probably will continue to be so for a while longer: they are cheap to launch and it only takes a few recipients that click on your malicious link to be successful. But awareness about the dangers of clicking on links is slowly rising. So if you’re a bad guy, how…

User Friendly vs Secure

By Martijn Korse / 24th November 2017

Security is sometimes compared to healthy food. Quite a nice analogy: we all know we should eat healthy but we don’t always do it. The same is true for security: even though we know security measures are important, we sometimes favour a situation that is less secure. For various reasons.

Reproducible Builds

By Martijn Korse / 12th October 2017

Last September a lot of users got infected with malware when they downloaded the CCleaner update. Hackers had been able to hide the Floxif Trojan inside the installer of the update. CCleaner is a utility program used to clean potentially unwanted files and invalid Windows Registry entries from a computer. This is a chart from…

Personal Data in URLs

Parameters in the URL (GET parameters) are used to pass information to the destination on the target server. Quite often I see cases where these GET parameters are used to transmit personal data. For example, a company sends out a newsletter to their clients with a link to their website where they want to personalize…
