I want to update my blog with this new post:
- I learned good things from BlackHat 2010 although I was not there! JavaSnoop is a great tool by the way. Although there are some minor bugs, this tool is solving many of my problems!
- Some software is immune to my reports, like Fortify! I’m not sure if it’s a good thing for them, however! This is not my policy!
- Burp Suite Pro is great and I’m waiting for the new version after fixing my issues (current version is 1.3.07).
- A dangerous CSRF vulnerability in Secunia Community has been fixed – in which an attacker could change a user’s email address and then use the forgot password feature to reset his/her password – immediately after my report.
- CodeProject.com wants to fix a vulnerability that I reported 1 month ago.
- I’ve reported a Microsoft .NET security vulnerability to them and I’ve just received their first “thank you” email. Now, I’m waiting to see what will happen.
- I reported a dangerous CSRF vulnerability in BlogFa.com to them several months ago. Although they’ve fixed that issue, they did not give me any credit! Should I report their flaws in future? I’m not so sure!
- I want to release a powerful tool for steganography in text soon! This is my MSc project, which I’ve changed a bit.