New update – July 2010

I want to update my blog with this new post:
- I learned good things from BlackHat 2010 although I was not there! JavaSnoop is a great tool by the way. Although there are some minor bugs, this tool is solving many of my problems!

- Some software is immune to my reports, like Fortify! I’m not sure if it’s a good thing for them, however! This is not my policy!

- Burp Suite Pro is great and I’m waiting for the new version after fixing my issues (current version is 1.3.07).

- A dangerous CSRF vulnerability in Secunia Community has been fixed – in which an attacker could change a user’s email address and then use the forgot password feature to reset his/her password – immediately after my report.

More info: http://secunia.com/community/forum/thread/show/4856/notification_of_fixed_csrf_issue

- CodeProject.com wants to fix a vulnerability that I reported 1 month ago.

- I’ve reported a Microsoft .NET security vulnerability to them and I’ve just received their first “thank you” email. Now, I’m waiting to see what will happen.

- I reported a dangerous CSRF vulnerability in BlogFa.com to them several months ago. Although they’ve fixed that issue, they did not give me any credit! Should I report their flaws in future? I’m not so sure!

- I want to release a powerful tool for steganography in text soon! This is my MSc project, which I’ve changed a bit.

About Soroush Dalili
Web application security pentester.

2 Responses to New update – July 2010

  1. hamid khatami says:

    Do you know me??