KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Five Things I Want to See in 2015

Well, we spun around the sun once again and are back where we started.  It is now 2015.  I am excited to see what this year will bring.  There are many changes in information security coming and many issues we will need to address this year.  Here are a list of InfoSec related things I…

Continue Reading

Vulnerability Found: Russian District of Tambov Government Site

The Russian District of Tambov’s government run website is vulnerable to a PostgreSQL injection.  The site is not fixed as I have tried sending several notices to the site owners, but every email I have sent bounced back and every “Contact Us” form I have submitted timed out without sending. As per usual, the actual…

Continue Reading

How Not To Use CloudFlare

For those that don’t know what CloudFlare is, please review their home page.  The basic idea behind CloudFlare is a reverse proxy that allows CloudFlare to protect websites from Denial of Service attacks, cross-site scripting, and a variety of other attacks. The important thing you have to realize though, is any information about a sites…

Continue Reading

A Safe and Merry Christmas

While I may not be Christian, I still celebrate Christmas.  It’s a time to spend with family and reflect on what your life means to you and to those that care about you.  It’s a time to think about who you want to be and what you need to do to become that person. Family…

Continue Reading

Regarding the Sony Hack…

Okay, I have to be careful how I write this and how much to say.  I don’t mean to make that sound exaggeratedly clandestine, but by the very nature of information security, it makes sense not to disclose everything that is not public already. But… let’s get this show on the road. Sony was not…

Continue Reading

My Seven Rules for Life

Do Not Wait. Waiting is what you do when you are passing time to get to something more substantial.  Life IS the substance.  Waiting for something else is simply wasting the time you have on Earth.  This is the time you will remember and the time you will judge your life on.  Spending your entire…

Continue Reading

Vulnerability Found: Alienware Arena

This vulnerability post originated from my old site and last updated on June 5th, 2013.  I have done some slight updates now that I am moving it over to my new site. Let me start this post with a note: I like and appreciate Alienware’s solid products. I have owned a couple Alienware laptops for years.  They have survived falling off a…

Continue Reading

Vulnerability Found: Cyberoptix Tie Lab

Even though it has been more than 18 months since I reported this issue, the company is working with limited funds and technological constraints that prevent them from resolving this particular issue.  In order to prevent theft, they are now manually approving all orders before final billing and shipping. Anyone that is running an online…

Continue Reading

Vulnerability Found: Smith & Wesson

This is an older vulnerability I am posting for the sake of getting all my old content moved over to the new site. While browsing Gun Broker, I noticed several Smith and Wesson ads embedded in the page. After looking at the URL, I noticed the it looked like a normal PHP URL with GET…

Continue Reading

Vulnerability Found: [REMOVED] Engineering

The information I release for this vulnerability will be limited since the issue has not been patched.  I contacted [REMOVED] Engineering a little over a month ago and was told that they will be resolving the issue.  As of today (November 1st, 2014) the site appears to still be vulnerable. This vulnerability leaks information about employees…

Continue Reading

1 3 4 5 6