KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Vulnerability Found: Cyberoptix Tie Lab

Even though it has been more than 18 months since I reported this issue, the company is working with limited funds and technological constraints that prevent them from resolving this particular issue.  In order to prevent theft, they are now manually approving all orders before final billing and shipping. Anyone that is running an online…

Continue Reading

Vulnerability Found: Smith & Wesson

This is an older vulnerability I am posting for the sake of getting all my old content moved over to the new site. While browsing Gun Broker, I noticed several Smith and Wesson ads embedded in the page. After looking at the URL, I noticed the it looked like a normal PHP URL with GET…

Continue Reading

Vulnerability Found: [REMOVED] Engineering

The information I release for this vulnerability will be limited since the issue has not been patched.  I contacted [REMOVED] Engineering a little over a month ago and was told that they will be resolving the issue.  As of today (November 1st, 2014) the site appears to still be vulnerable. This vulnerability leaks information about employees…

Continue Reading

Vulnerability Found: IntravNews

This find was unique in that the result of me reporting the vulnerability to the owner, was in fact the owner taking the site down all together.  It has been a little over a month and the site is still down.  The site sold some pretty old software, so I am not sure if they…

Continue Reading

Vulnerability Found: BIOMIDS

The information I release for this vulnerability will be limited since the issue has not been patched.  As with the Radixx vulnerability, I contacted BIOMIDS twice over a month ago requesting someone get in touch with me so I can discuss the vulnerability with them, but they have not responded so far. The vulnerability in this case…

Continue Reading

Vulnerability Found: Radixx International

The information I release for this vulnerability will be limited since the issue has not been patched.  I contacted Radixx twice over a month ago requesting someone get in touch with me so I can discuss the vulnerability with them, but they have not responded so far. Vulnerability Type: Unsecured Access Implications:  Unauthorized access to…

Continue Reading

Blind SQL Injections

This PDF is a paper I wrote in 2012 demonstrating different blind SQL injection methods on different database platforms.  The information for Oracle is theoretical, due to my limitations at the time of platforms available for testing.  If I have the time, I will try to verify the Oracle method soon. The document covers blind…

Continue Reading

Patience

Please be patient while I prepare the site.  I have a lot of content to post, including some of the old stuff I posted on Kalypto.net.  The list of companies I have breached has grown. Most of them I can talk about, some have requested I not share the information. Check back often to stay…

Continue Reading

Hello world!

Welcome to my new site.  It has been some time since I have had a site up and running.  I can’t guarantee I will post often, but I will try to keep things updated and more interesting than last time. Thank you for stopping by and let me know if you have any ideas or…

Continue Reading

1 3 4 5