Author Archives: Sijmen Ruwhof

About Sijmen Ruwhof

Independent IT Security Researcher / Ethical Hacker

Scanning an enterprise organisation for the critical Java deserialization vulnerability

On November 6, security researchers from FoxGlove Security released five zero-day exploits for WebSphere, WebLogic, JBoss, Jenkins and OpenNMS. These software products are used everywhere in enterprise organizations, and with the published exploits malicious code can be executed remotely without authentication. … Continue reading

Posted in analysis, security vulnerability, zero day | 25 Comments

How I could hack internet bank accounts of Danish largest bank in a few minutes

In August I visited the Chaos Communication Camp near Berlin. Once every four years this great hacker festival, the world’s greatest, is organized. I spoke with a couple of cool Danish hackers there and we talked about internet security and … Continue reading

Posted in responsible disclosure, website security | 183 Comments

Full disclosure: multiple critical security vulnerabilities (including a backdoor!) in PHP File Manager

In July 2010 I was looking for a web-based file manager that I could use on my own web server. After some research I found the PHP File Manager from Revived Wire Media. A basic, but good-looking web … Continue reading

Posted in php security, responsible disclosure, security assessment | 36 Comments

M-FILES radio: ‘Rest In Privacy’

This week I was a guest on the M-FILES radio show, which was about online privacy. My contribution can be heard from 22:12 minutes:

Posted in hacking, podcast, privacy, radio, security awareness | Comments Off on M-FILES radio: ‘Rest In Privacy’

Is it possible to break into the website of Massa Media?

That is the question a TV crew from RTV Utrecht asked me:

Posted in hacking, website, website security | Comments Off on Is it possible to break into the website of Massa Media?

Security risk analysis of address bar spoofing bug in Chrome and Opera

On June 30, 2015 security researcher David Leo publicly disclosed a vulnerability in Google Chrome on the full disclosure mailing list. Via this vulnerability it is possible to spoof the location of the address bar in the latest version of … Continue reading

Posted in browser security, bug, phishing | Comments Off on Security risk analysis of address bar spoofing bug in Chrome and Opera

The world of hacking

Yesterday I gave the presentation below at the Privacy & Security symposium of Hogeschool Windesheim:

Posted in hacking, presentation | Comments Off on The world of hacking

Mitigations against critical universal cross-site scripting vulnerability in fully patched Internet Explorer 10 and 11

This week David Leo disclosed a critical universal cross-site scripting vulnerability in fully patched Microsoft Internet Explorer 10 and 11 (from now on called the UXSS leak). He notified Microsoft on October 13 last year, but Microsoft didn’t publish a … Continue reading

Posted in browser security, cross-site scripting, security vulnerability, website security | 1 Comment

Cross-site scripting in millions of web sites

In August 2014 I found a severe cross-site scripting security vulnerability in the latest version (1.13.0) of the ‘jQuery Validation Plugin’ during a security penetration test for a customer. This jQuery plugin, which adds easy form validation functionality to a web site, is … Continue reading

Posted in cross-site scripting, Google, php, responsible disclosure | 62 Comments

2,364 Dutch company websites with serious security vulnerabilities

When I was searching the internet for a new car in October 2012, I came across a car dealership where I wanted to buy a car: (the website above belongs to a random company from the list that I describe later) … Continue reading

Posted in responsible disclosure, search engine optimization, security vulnerability, website security | 15 Comments

Password hash disclosure in Linksys Smart WiFi routers

This is my tale about reporting a specific security vulnerability in a major product, just to give some insight into how responsible disclosures are handled by a security researcher (me) and various software companies (Cisco, Linksys and Belkin). On May … Continue reading

Posted in password, responsible disclosure | 5 Comments

What to do about hard-coded database passwords in configuration files?

Today I received the following question, and my answer may be useful to others as well: Is there a security solution against hard-coded database passwords, as is the case, for example, with websites that have stored the MySQL password in a configuration file in the program code? … Continue reading

Posted in password, security, website | Comments Off on What to do about hard-coded database passwords in configuration files?

Security audits as an integral part of PHP application development

More often than not, web applications start off as a bright idea, which is then brought into realization at a fast and furious pace, with little eye for anything but result. Once all envisioned functionality is incorporated in the design … Continue reading

Posted in php security, presentation, security audit, website | Comments Off on Security audits as an integral part of PHP application development

NU.nl hacked: malware analysis

NU.nl has been hacked, their weblog writes today, and possibly 100,000 computers have been infected with malicious code. I was curious what kind of malicious code was injected, so I analysed it. Get tested to see whether you are infected Naar … Continue reading

Posted in analysis, drive-by, security vulnerability, website | 66 Comments

Presentation: Next in security

Slides from a presentation that I gave about the developments in the hacking world:

Posted in presentation, security | Comments Off on Presentation: Next in security