  1. Sibylla - Unlimited discount coupons
    • The Sibylla app uses plain HTTP.
    • No verification of the email address used when logging into the app.
    • The Sibylla server stores whether a coupon has been consumed or not for a given email address.
    • The app doesn't use the information stored on the server to decide whether a coupon has been used or not for a given email address.
    • The "consumed" value appears to be stored locally in the app.
    • Wiping the data/cache in Android's app settings will …
  2. Timing Attack - Proof of Concept

    You might have heard about timing attacks, but either thought they sounded too complicated to understand or that such an attack is too complicated to actually carry out. In this post I'm going to give a brief overview of a timing attack and also provide some example code that you can play with on your own. Hopefully, after reading this post, you will understand that you cannot neglect this when building a system where security matters.

    What …